Windows Analysis Report
pbz3swuapf.exe

Overview

General Information

Sample name: pbz3swuapf.exe
Analysis ID: 1590645
MD5: 170c87f28c0983e4263759e9f9f39ee0
SHA1: 49491aa3db74c005763597d15d74f6a252010e57
SHA256: 14b0435d8e3583abc0b622b0a6d5b07544f045dfcbf5058c008acc7def5252ad
Tags: exe, malware, trojan, user-Joker

Detection

Python Stealer
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Potentially malicious time measurement code found
Yara detected Generic Python Stealer
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • pbz3swuapf.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\pbz3swuapf.exe" MD5: 170C87F28C0983E4263759E9F9F39EE0)
    • pbz3swuapf.exe (PID: 7324 cmdline: "C:\Users\user\Desktop\pbz3swuapf.exe" MD5: 170C87F28C0983E4263759E9F9F39EE0)
      • cmd.exe (PID: 7348 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: pbz3swuapf.exe PID: 7324 | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: pbz3swuapf.exe, Virustotal: Detection: 22%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
    Source: pbz3swuapf.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\pbz3swuapf.exe, Code function: 0_2_00007FF7D78883B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7D78883B0
    Source: C:\Users\user\Desktop\pbz3swuapf.exe, Code function: 0_2_00007FF7D78892F0 FindFirstFileExW,FindClose,0_2_00007FF7D78892F0
    Source: C:\Users\user\Desktop\pbz3swuapf.exe, Code function: 0_2_00007FF7D78A18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7D78A18E4
    Source: C:\Users\user\Desktop\pbz3swuapf.exe, Code function: 1_2_00007FF7D78892F0 FindFirstFileExW,FindClose,1_2_00007FF7D78892F0
    Source: C:\Users\user\Desktop\pbz3swuapf.exe, Code function: 1_2_00007FF7D78A18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF7D78A18E4
    Source: C:\Users\user\Desktop\pbz3swuapf.exe, Code function: 1_2_00007FF7D78883B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF7D78883B0
    Source: C:\Users\user\Desktop\pbz3swuapf.exe, Code function: 1_2_00007FFDFAF93229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,1_2_00007FFDFAF93229
    Source: unknown, TCP traffic detected without corresponding DNS query: 178.208.187.105
    Source: global traffic, HTTP traffic detected:
        GET /bababa31692_token.txt HTTP/1.1
        Host: 178.208.187.105
        User-Agent: python-requests/2.32.3
        Accept-Encoding: gzip, deflate
        Accept: */*
        Connection: keep-alive
    Source: global traffic, HTTP traffic detected:
        GET /7118723753_chat.txt HTTP/1.1
        Host: 178.208.187.105
        User-Agent: python-requests/2.32.3
        Accept-Encoding: gzip, deflate
        Accept: */*
        Connection: keep-alive
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: - https://www.facebook.com/groups/ equals www.facebook.com (Facebook)
    Source: pbz3swuapf.exe, 00000001.00000002.1761857693.000001C1DDBA0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://.../back.jpeg
    Source: pbz3swuapf.exe, 00000001.00000002.1763136146.000001C1DF880000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://178.208.187.105/7118723753_chat.txt
    Source: pbz3swuapf.exe, 00000001.00000002.1763136146.000001C1DF880000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://178.208.187.105/7118723753_chat.txt0
    Source: pbz3swuapf.exe, 00000001.00000002.1763136146.000001C1DF880000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://178.208.187.105/bababa31692_token.txt
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://178.208.187.105/bababa31692_token.txt32
    Source: pbz3swuapf.exe, 00000001.00000002.1761541269.000001C1DD7A0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://aka.ms/vcpython27
    Source: pbz3swuapf.exe, 00000001.00000002.1761132613.000001C1DD50B000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761223076.000001C1DD5E8000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761132613.000001C1DD4D0000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761397793.000001C1DD6F4000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
    Source: pbz3swuapf.exe, 00000001.00000002.1762262256.000001C1DE420000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://bugs.python.org/issue23606)
    Source: pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
    Source: pbz3swuapf.exe, 00000001.00000002.1760646498.000001C1DCFE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
    Source: pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlP2
    Source: pbz3swuapf.exe, 00000000.00000003.1711911689.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711095558.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693931339.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696654390.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1713414943.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695530525.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694363369.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697497260.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711277872.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1714227288.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693427694.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693285247.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99AA2000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1710528467.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694834344.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697095680.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695378830.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696192785.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, 
pbz3swuapf.exe, 00000000.00000003.1695188368.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697497260.000001AC99AA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: pbz3swuapf.exe, 00000000.00000003.1710403861.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: pbz3swuapf.exe, 00000000.00000003.1710403861.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
    Source: pbz3swuapf.exe, 00000000.00000003.1711911689.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1709733120.000001AC99AA1000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711095558.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693931339.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696654390.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1713414943.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695530525.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694363369.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697497260.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711277872.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1714227288.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693427694.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693285247.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99AA2000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1710528467.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694834344.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697095680.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695378830.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, 
pbz3swuapf.exe, 00000000.00000003.1696192785.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695188368.000001AC99A95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: pbz3swuapf.exe, 00000000.00000003.1711911689.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711095558.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693931339.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696654390.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1713414943.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695530525.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694363369.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697497260.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711277872.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1714227288.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693427694.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693285247.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1710528467.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694834344.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697095680.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695378830.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696192785.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695188368.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, 
pbz3swuapf.exe, 00000000.00000003.1694150446.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1709733120.000001AC99A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: _ctypes.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: pbz3swuapf.exe, 00000000.00000003.1710403861.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: pbz3swuapf.exe, 00000000.00000003.1710403861.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
    Source: pbz3swuapf.exe, 00000000.00000003.1710403861.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: pbz3swuapf.exe, 00000000.00000003.1711911689.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1709733120.000001AC99AA1000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711095558.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693931339.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696654390.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1713414943.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695530525.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694363369.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697497260.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711277872.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1714227288.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693427694.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693285247.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99AA2000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1710528467.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694834344.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697095680.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695378830.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, 
pbz3swuapf.exe, 00000000.00000003.1696192785.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695188368.000001AC99A95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: pbz3swuapf.exe, 00000000.00000003.1710403861.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: pbz3swuapf.exe, 00000000.00000003.1710403861.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
    Source: pbz3swuapf.exe, 00000001.00000002.1761223076.000001C1DD5E8000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761397793.000001C1DD6F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
    Source: pbz3swuapf.exe, 00000001.00000002.1761223076.000001C1DD5E8000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761397793.000001C1DD6F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
    Source: pbz3swuapf.exe, 00000001.00000002.1761132613.000001C1DD50B000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761223076.000001C1DD5E8000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761132613.000001C1DD4D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
    Source: pbz3swuapf.exe, 00000001.00000002.1761132613.000001C1DD50B000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1762023069.000001C1DDDA0000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC41F000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1762262256.000001C1DE4E8000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761223076.000001C1DD5E8000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1762379241.000001C1DE530000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761132613.000001C1DD4D0000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761397793.000001C1DD6F4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1762262256.000001C1DE420000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
    Source: pbz3swuapf.exe, 00000001.00000002.1761857693.000001C1DDBA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
    Source: pbz3swuapf.exe, 00000001.00000002.1761619715.000001C1DD8A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
    Source: pbz3swuapf.exe, 00000001.00000002.1761619715.000001C1DD8A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
    Source: pbz3swuapf.exe, 00000001.00000002.1761619715.000001C1DD8A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
    Source: pbz3swuapf.exe, 00000001.00000003.1739401877.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertoolh
    Source: pbz3swuapf.exe, 00000001.00000002.1760022565.000001C1DC780000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1760205640.000001C1DCAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
    Source: pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/unittest.html
    Source: pbz3swuapf.exe, 00000001.00000002.1759387153.000001C1DC280000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/ActiveState/appdirs
    Source: pbz3swuapf.exe, 00000001.00000002.1762103057.000001C1DDEA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl.
    Source: pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
    Source: pbz3swuapf.exe, 00000001.00000002.1760646498.000001C1DD06A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
    Source: pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC5AF000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC4C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
    Source: pbz3swuapf.exe, 00000001.00000002.1761132613.000001C1DD4D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/post
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json
    Source: pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC734000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758849419.000001C1DBC91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
    Source: pbz3swuapf.exe, 00000001.00000002.1762184070.000001C1DDFC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
    Source: pbz3swuapf.exe, 00000001.00000002.1761044957.000001C1DD407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
    Source: pbz3swuapf.exe, 00000001.00000002.1761044957.000001C1DD407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
    Source: pbz3swuapf.exe, 00000000.00000003.1711911689.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1709733120.000001AC99AA1000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711095558.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693931339.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696654390.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1713414943.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695530525.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694363369.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697497260.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711277872.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1714227288.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693427694.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693285247.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1710528467.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694834344.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697095680.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695378830.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696192785.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, 
pbz3swuapf.exe, 00000000.00000003.1695188368.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694150446.000001AC99A95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
    Source: pbz3swuapf.exe, 00000000.00000003.1711911689.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1709733120.000001AC99AA1000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711095558.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693931339.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696654390.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1713414943.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695530525.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694363369.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697497260.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711277872.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1714227288.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693427694.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693285247.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99AA2000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1710528467.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694834344.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697095680.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695378830.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, 
pbz3swuapf.exe, 00000000.00000003.1696192785.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695188368.000001AC99A95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
    Source: pbz3swuapf.exe, 00000000.00000003.1711911689.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711095558.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693931339.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696654390.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1713414943.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695530525.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694363369.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697497260.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711277872.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1714227288.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693427694.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693285247.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99AA2000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1710528467.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694834344.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697095680.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695378830.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696192785.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, 
pbz3swuapf.exe, 00000000.00000003.1695188368.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697497260.000001AC99AA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
    Source: pbz3swuapf.exe, 00000000.00000003.1710403861.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: http://ocsp.digicert.com0N
    Source: pbz3swuapf.exe, 00000000.00000003.1710403861.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, libffi-8.dll.0.drString found in binary or memory: http://ocsp.digicert.com0O
    Source: pbz3swuapf.exe, 00000000.00000003.1711911689.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711095558.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693931339.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696654390.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1713414943.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695530525.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694363369.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697497260.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1711277872.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1714227288.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693427694.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1693285247.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1710528467.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1694834344.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1697095680.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695378830.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1696192785.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1695188368.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, 
pbz3swuapf.exe, 00000000.00000003.1694150446.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1709733120.000001AC99A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: pbz3swuapf.exe, 00000001.00000003.1733922743.000001C1DC465000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1732794987.000001C1DC465000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759387153.000001C1DC280000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
    Source: pbz3swuapf.exe, 00000001.00000002.1762023069.000001C1DDDA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://python.org
    Source: pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD1F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://python.org/
    Source: pbz3swuapf.exe, 00000001.00000002.1762023069.000001C1DDDA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://python.org:80
    Source: pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD248000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC5AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python-attrs/attrs/blob/main/.github/CONTRIBUTING.md)
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1340)
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1358)
    Source: pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/136
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1365)
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1372)
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1383)
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python-attrs/attrs/issues/1385)
    Source: pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/251
    Source: pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/428
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python-attrs/attrs/wiki/Extensions-to-attrs)
    Source: pbz3swuapf.exe, 00000001.00000003.1720196378.000001C1DBC81000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758663240.000001C1DB8C8000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1720383209.000001C1DA093000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
    Source: pbz3swuapf.exe, 00000001.00000003.1720383209.000001C1DA093000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
    Source: pbz3swuapf.exe, 00000001.00000003.1720516130.000001C1DA098000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1724386626.000001C1DA096000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758508740.000001C1DA096000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1720196378.000001C1DBC81000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1726132646.000001C1DA096000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1727103230.000001C1DA096000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1720383209.000001C1DA093000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
    Source: pbz3swuapf.exe, 00000001.00000002.1762103057.000001C1DDEA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/pull/118960
    Source: pbz3swuapf.exe, 00000001.00000002.1761044957.000001C1DD407000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1762103057.000001C1DDEA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/pull/28073
    Source: METADATA0.0.drString found in binary or memory: https://github.com/sponsors/hynek
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/sponsors/hynek).
    Source: pbz3swuapf.exe, 00000001.00000003.1720516130.000001C1DA098000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1724386626.000001C1DA096000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758508740.000001C1DA096000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1720196378.000001C1DBC81000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1726132646.000001C1DA096000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1727103230.000001C1DA096000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1720383209.000001C1DA093000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
    Source: pbz3swuapf.exe, 00000001.00000002.1761696383.000001C1DD9A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
    Source: pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
    Source: pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD106000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
    Source: pbz3swuapf.exe, 00000001.00000002.1761857693.000001C1DDBA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
    Source: pbz3swuapf.exe, 00000001.00000002.1761857693.000001C1DDBA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290li.pyw
    Source: pbz3swuapf.exe, 00000001.00000002.1760646498.000001C1DCFE2000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758948813.000001C1DBD80000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC5AF000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
    Source: pbz3swuapf.exe, 00000001.00000002.1760646498.000001C1DCFE2000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC5AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
    Source: pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gql.twitch.tv/gql
    Source: pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
    Source: pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
    Source: pbz3swuapf.exe, 00000001.00000002.1761942806.000001C1DDCA0000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
    Source: pbz3swuapf.exe, 00000001.00000002.1760646498.000001C1DCFE2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://hynek.me/articles/import-attrs/)
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.instagram.com/api/v1/accounts/current_user/?edit=true
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.instagram.com/api/v1/users/
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/badge/code%20style-black-000000.svg
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/badge/skeleton-2022-informational
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/discord/803025117553754132
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/setuptools.svg
    Source: pbz3swuapf.exe, 00000000.00000003.1706303807.000001AC99A99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/setuptools.svg
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/readthedocs/setuptools/latest.svg
    Source: pbz3swuapf.exe, 00000001.00000002.1759294589.000001C1DC180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://instagram.com
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://instagram.com/
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://inventory.roblox.com/v1/users/
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/json
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://klaviyo.com/
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://krakenfiles.com/api/v1/file/upload
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://leagueoflegends.com
    Source: pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
    Source: pbz3swuapf.exe, 00000000.00000003.1706303807.000001AC99A99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
    Source: pbz3swuapf.exe, 00000001.00000002.1758948813.000001C1DBD80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://oauth.reddit.com/api/v1/me
    Source: pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://packaging.python.org/installing/
    Source: pbz3swuapf.exe, 00000001.00000002.1760205640.000001C1DCAA0000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1760367614.000001C1DCCA0000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1739401877.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://paypal.com
    Source: pbz3swuapf.exe, 00000001.00000002.1759118683.000001C1DBF80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
    Source: pbz3swuapf.exe, 00000001.00000002.1765449163.00007FFDFB65B000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.drString found in binary or memory: https://peps.python.org/pep-0263/
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://playstation.com
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://polar.sh/
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://pypi.org/project/attrs/)
    Source: pbz3swuapf.exe, 00000000.00000003.1706303807.000001AC99A99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/cryptography/
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/setuptools
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://raw.githubusercontent.com/pypa/setuptools/main/docs/images/banner-640x320.svg
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://raw.githubusercontent.com/python-attrs/attrs/main/docs/_static/attrs_logo.svg
    Source: pbz3swuapf.exe, 00000000.00000003.1706303807.000001AC99A99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://reddit.com
    Source: pbz3swuapf.exe, 00000001.00000002.1760104067.000001C1DC890000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1760449096.000001C1DCDA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
    Source: pbz3swuapf.exe, 00000001.00000002.1760646498.000001C1DCFE2000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761942806.000001C1DDCA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
    Source: pbz3swuapf.exe, 00000001.00000002.1761942806.000001C1DDCA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io0
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://riotgames.com
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://s.optifine.net/capes/
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://setuptools.pypa.io
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://setuptools.pypa.io/
    Source: pbz3swuapf.exe, 00000001.00000002.1758948813.000001C1DBD80000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1734447628.000001C1DBDC0000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1736137438.000001C1DBD9D000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1734447628.000001C1DBD91000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1734795335.000001C1DBDC5000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1732913967.000001C1DBEBA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
    Source: pbz3swuapf.exe, 00000001.00000002.1760205640.000001C1DCAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/userguide/declarative_config.html#opt-2
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://setuptools.pypa.io/en/stable/history.html
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://skype.com
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://spotify.com
    Source: pbz3swuapf.exe, 00000001.00000002.1758948813.000001C1DBD80000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1735601128.000001C1DC538000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758849419.000001C1DBC91000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1739557572.000001C1DC538000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1736137438.000001C1DBD9D000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758948813.000001C1DBEEB000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1739040759.000001C1DC726000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1739040759.000001C1DC6BD000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC528000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
    Source: pbz3swuapf.exe, 00000001.00000002.1762103057.000001C1DDEA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://stackoverflow.com/questions/tagged/python-attrs)
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com
    Source: pbz3swuapf.exe, 00000001.00000002.1761696383.000001C1DD9A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/blxstealer
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek).
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/badges/github/pypa/setuptools?style=flat
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/security
    Source: pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=readme
    Source: pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referral
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com
    Source: pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
    Source: pbz3swuapf.exe, 00000001.00000002.1761223076.000001C1DD5E8000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761397793.000001C1DD6F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
    Source: pbz3swuapf.exe, 00000001.00000002.1761132613.000001C1DD50B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitch.tv
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com
    Source: pbz3swuapf.exe, 00000001.00000002.1758948813.000001C1DBD80000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/home
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/i/api/1.1/account/update_profile.json
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uguu.se/api.php?d=upload
    Source: pbz3swuapf.exe, 00000001.00000002.1759387153.000001C1DC280000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1760367614.000001C1DCCA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
    Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: python3.dll.0.dr Static PE information: No import functions for PE file found
    Source: pbz3swuapf.exe, 00000001.00000002.1769386215.00007FFE01474000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilenamepythoncom311.dll0 vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1771167952.00007FFE0E155000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1774566375.00007FFE12E19000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1772116783.00007FFE1030E000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1772967539.00007FFE11522000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1758451564.000001C1D9F20000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1775186509.00007FFE13306000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1775014751.00007FFE130C6000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1773903618.00007FFE11EC5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1771689406.00007FFE0EB2E000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1771803568.00007FFE0EB61000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamepywintypes311.dll0 vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1774298302.00007FFE120CB000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1764699181.00007FFDFAF85000.00000002.00000001.01000000.0000001D.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1766767340.00007FFDFB896000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython311.dll. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1775813812.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1771883182.00007FFE101EA000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1769099900.00007FFE013CB000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenamelibsslH vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1771284884.00007FFE0E181000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1772462980.00007FFE110F4000.00000002.00000001.01000000.00000025.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1766957897.00007FFDFBACA000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1775367798.00007FFE1334B000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs pbz3swuapf.exe
    Source: pbz3swuapf.exe, 00000001.00000002.1772029581.00007FFE1025E000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs pbz3swuapf.exe
    Source: classification engine Classification label: mal60.troj.evad.winEXE@6/108@0/2
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7356:120:WilError_03
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682
    Source: pbz3swuapf.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: pbz3swuapf.exe, 00000001.00000002.1766904172.00007FFDFBA8A000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT item1, item2 FROM metadata;
    Source: pbz3swuapf.exe, 00000001.00000002.1766904172.00007FFDFBA8A000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
    Source: pbz3swuapf.exe, 00000001.00000002.1766904172.00007FFDFBA8A000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
    Source: pbz3swuapf.exe, 00000001.00000002.1766904172.00007FFDFBA8A000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
    Source: pbz3swuapf.exe, pbz3swuapf.exe, 00000001.00000002.1766904172.00007FFDFBA8A000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
    Source: pbz3swuapf.exe, 00000001.00000002.1766904172.00007FFDFBA8A000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT a11, a102 FROM nssPrivate WHERE a102 = ?;
    Source: pbz3swuapf.exe, 00000001.00000002.1766904172.00007FFDFBA8A000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
    Source: pbz3swuapf.exe Virustotal: Detection: 22%
    Source: pbz3swuapf.exe String found in binary or memory: can't send non-None value to a just-started coroutine
    Source: pbz3swuapf.exe String found in binary or memory: can't send non-None value to a just-started generator
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File read: C:\Users\user\Desktop\pbz3swuapf.exe
    Source: unknown Process created: C:\Users\user\Desktop\pbz3swuapf.exe "C:\Users\user\Desktop\pbz3swuapf.exe"
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Process created: C:\Users\user\Desktop\pbz3swuapf.exe "C:\Users\user\Desktop\pbz3swuapf.exe"
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: vcruntime140.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: libffi-8.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: vcruntime140_1.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: urlmon.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: iertutil.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: srvcli.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: netutils.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: secur32.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: libcrypto-1_1.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: libssl-1_1.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: sqlite3.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: powrprof.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: pdh.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: umpdc.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Section loaded: wtsapi32.dll
    Source: pbz3swuapf.exe Static PE information: Image base 0x140000000 > 0x60000000
    Source: pbz3swuapf.exe Static file information: File size 22120553 > 1048576
    Source: pbz3swuapf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: pbz3swuapf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: pbz3swuapf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: pbz3swuapf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: pbz3swuapf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: pbz3swuapf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: pbz3swuapf.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb** source: pbz3swuapf.exe, 00000001.00000002.1771765736.00007FFE0EB50000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb source: pbz3swuapf.exe, 00000001.00000002.1771238363.00007FFE0E173000.00000002.00000001.01000000.00000012.sdmp, win32api.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
    Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: pbz3swuapf.exe, 00000000.00000003.1713414943.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1775106919.00007FFE13303000.00000002.00000001.01000000.0000000C.sdmp, select.pyd.0.dr
    Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: pbz3swuapf.exe, 00000000.00000003.1697497260.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1772238412.00007FFE110F2000.00000002.00000001.01000000.00000025.sdmp, _uuid.pyd.0.dr
    Source: Binary string: D:\_w\1\b\bin\amd64\sqlite3.pdb source: pbz3swuapf.exe, 00000001.00000002.1766904172.00007FFDFBA8A000.00000002.00000001.01000000.00000019.sdmp
    Source: Binary string: D:\_w\1\b\bin\amd64\_sqlite3.pdb source: pbz3swuapf.exe, 00000001.00000002.1771853729.00007FFE101DE000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: cryptography_rust.pdbc source: pbz3swuapf.exe, 00000001.00000002.1764130918.00007FFDFAC47000.00000002.00000001.01000000.00000028.sdmp
    Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: pbz3swuapf.exe, 00000000.00000003.1695378830.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1774148086.00007FFE120C6000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: pbz3swuapf.exe, 00000000.00000003.1693171915.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1774412891.00007FFE12E15000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: pbz3swuapf.exe, 00000001.00000002.1768975927.00007FFE01396000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: pbz3swuapf.exe, 00000000.00000003.1693427694.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1773976285.00007FFE11EDD000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: pbz3swuapf.exe, 00000000.00000003.1695188368.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb source: pbz3swuapf.exe, 00000001.00000002.1769256791.00007FFE0142C000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: pbz3swuapf.exe, 00000001.00000002.1765020160.00007FFDFB1DE000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: pbz3swuapf.exe, 00000000.00000003.1695530525.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1774871862.00007FFE130C3000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: pbz3swuapf.exe, 00000001.00000002.1771075754.00007FFE0E13D000.00000002.00000001.01000000.00000013.sdmp, _ssl.pyd.0.dr
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32api.pdb!! source: pbz3swuapf.exe, 00000001.00000002.1771238363.00007FFE0E173000.00000002.00000001.01000000.00000012.sdmp, win32api.pyd.0.dr
    Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: pbz3swuapf.exe, 00000000.00000003.1694363369.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1771566250.00007FFE0EB27000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: pbz3swuapf.exe, 00000000.00000003.1694834344.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1773749922.00007FFE11EBC000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: params.pparams.qparams.gpub_keypriv_keyossl_ec_group_new_excrypto\ec\ec_lib.cEC_GROUP_copyEC_GROUP_set_generatorEC_GROUP_set_curveEC_GROUP_get_curveEC_GROUP_get_degreeEC_GROUP_check_discriminantEC_POINT_newEC_POINT_copyEC_POINT_set_to_infinityEC_POINT_set_Jprojective_coordinates_GFpEC_POINT_set_affine_coordinatesEC_POINT_get_affine_coordinatesEC_POINT_addEC_POINT_dblEC_POINT_invertEC_POINT_is_at_infinityEC_POINT_is_on_curveEC_POINT_cmpEC_POINT_mulEC_GROUP_get_trinomial_basisEC_GROUP_get_pentanomial_basisgroup_new_from_nameossl_ec_group_set_paramsencodingdecoded-from-explicitEC_GROUP_new_from_paramsgeneratorcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.4.0built on: Wed Nov 27 17:13:13 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/AOSSL_WINCTX: Undefinednot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: pbz3swuapf.exe, 00000001.00000002.1764130918.00007FFDFAC47000.00000002.00000001.01000000.00000028.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: pbz3swuapf.exe, 00000001.00000002.1764130918.00007FFDFAC47000.00000002.00000001.01000000.00000028.sdmp
    Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
    Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbNN source: pbz3swuapf.exe, 00000000.00000003.1694834344.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1773749922.00007FFE11EBC000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: pbz3swuapf.exe, 00000001.00000002.1775292497.00007FFE13340000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32ui.pdb source: win32ui.pyd.0.dr
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\_win32sysloader.pdb source: pbz3swuapf.exe, 00000000.00000003.1715511086.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32trace.pdb source: pbz3swuapf.exe, 00000000.00000003.1716054233.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
    Source: Binary string: ossl_ec_GFp_simple_group_set_curvecrypto\ec\ecp_smpl.cossl_ec_GFp_simple_group_check_discriminantossl_ec_GFp_simple_point_set_affine_coordinatesossl_ec_GFp_simple_point_get_affine_coordinatesossl_ec_GFp_simple_make_affineossl_ec_GFp_simple_points_make_affineossl_ec_GFp_simple_field_invossl_ec_GFp_simple_blind_coordinatescompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: pbz3swuapf.exe, 00000001.00000002.1764130918.00007FFDFAC47000.00000002.00000001.01000000.00000028.sdmp
    Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: pbz3swuapf.exe, 00000001.00000002.1768975927.00007FFE01396000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
    Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: pbz3swuapf.exe, 00000001.00000002.1771970924.00007FFE10252000.00000002.00000001.01000000.0000000D.sdmp, pyexpat.pyd.0.dr
    Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: pbz3swuapf.exe, 00000000.00000003.1696192785.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1772763609.00007FFE11518000.00000002.00000001.01000000.0000000B.sdmp, _socket.pyd.0.dr
    Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: pbz3swuapf.exe, 00000000.00000003.1711277872.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758451564.000001C1D9F20000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: pbz3swuapf.exe, 00000000.00000003.1692842172.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1775686057.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: pbz3swuapf.exe, 00000000.00000003.1693285247.000001AC99A95000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1772088263.00007FFE10307000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pywintypes.pdb source: pbz3swuapf.exe, 00000001.00000002.1771765736.00007FFE0EB50000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: pbz3swuapf.exe, 00000000.00000003.1715052305.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1764488011.00007FFDFAF80000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: cryptography_rust.pdb source: pbz3swuapf.exe, 00000001.00000002.1764130918.00007FFDFAC47000.00000002.00000001.01000000.00000028.sdmp
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-311\Release\pythoncom.pdb}},GCTL source: pbz3swuapf.exe, 00000001.00000002.1769256791.00007FFE0142C000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: D:\_w\1\b\bin\amd64\python311.pdb source: pbz3swuapf.exe, 00000001.00000002.1765449163.00007FFDFB65B000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr
    Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1q 5 Jul 2022built on: Thu Aug 18 20:15:42 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: pbz3swuapf.exe, 00000001.00000002.1765020160.00007FFDFB1DE000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: pbz3swuapf.exe, 00000001.00000002.1765020160.00007FFDFB260000.00000002.00000001.01000000.00000015.sdmp
    Source: pbz3swuapf.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: pbz3swuapf.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: pbz3swuapf.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: pbz3swuapf.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: pbz3swuapf.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: VCRUNTIME140.dll.0.dr Static PE information: 0xEFFF39AD [Sun Aug 4 18:57:49 2097 UTC]
    Source: python311.dll.0.dr Static PE information: section name: PyRuntim
    Source: mfc140u.dll.0.dr Static PE information: section name: .didat
    Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
    Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
    Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\pywin32_system32\pythoncom311.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_blowfish.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\_uuid.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\_overlapped.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\sqlite3.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\libcrypto-1_1.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_ofb.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_SHA224.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\_asyncio.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\unicodedata.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_eksblowfish.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_cast.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_MD2.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\PublicKey\_ed448.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_SHA256.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_cbc.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_MD5.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_keccak.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\PublicKey\_ec_ws.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Util\_cpuid_c.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\win32\win32trace.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\python3.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp\_http_parser.cp311-win_amd64.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\pyexpat.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_ghash_clmul.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\VCRUNTIME140_1.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\_cffi_backend.cp311-win_amd64.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\PublicKey\_curve448.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_des.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\PublicKey\_curve25519.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\libssl-1_1.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_poly1305.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Pythonwin\win32ui.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp\_websocket\reader_c.cp311-win_amd64.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_aesni.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Util\_strxor.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_MD4.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\win32\win32api.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\pywin32_system32\pywintypes311.dll
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_chacha20.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\win32com\shell\shell.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\cryptography\hazmat\bindings\_rust.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\_hashlib.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\win32\_win32sysloader.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\frozenlist\_frozenlist.cp311-win_amd64.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_aes.pyd
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_cfb.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_BLAKE2b.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\python311.dllJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_ecb.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp\_websocket\mask.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_RIPEMD160.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_ghash_portable.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\yarl\_quoting_c.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\_lzma.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_des3.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\psutil\_psutil_windows.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\_sqlite3.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\_ssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Math\_modexp.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_ARC4.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_BLAKE2s.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\libffi-8.dllJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Pythonwin\mfc140u.dllJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\VCRUNTIME140.dllJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\multidict\_multidict.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp\_http_writer.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\propcache\_helpers_c.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 0_2_00007FF7D7885820 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF7D7885820
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 1_2_00007FFDFAF9572C rdtsc 1_2_00007FFDFAF9572C
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\pywin32_system32\pythoncom311.dllJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_uuid.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_overlapped.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_ofb.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_asyncio.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_MD2.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_cast.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\PublicKey\_ed448.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_SHA256.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_cbc.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_MD5.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_keccak.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\PublicKey\_ec_ws.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\win32\win32trace.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Util\_cpuid_c.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp\_http_parser.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_ghash_clmul.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_cffi_backend.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\PublicKey\_curve448.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_des.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\PublicKey\_curve25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_poly1305.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Pythonwin\win32ui.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp\_websocket\reader_c.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Util\_strxor.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_aesni.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_MD4.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\win32\win32api.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\pywin32_system32\pywintypes311.dllJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\win32com\shell\shell.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\cryptography\hazmat\bindings\_rust.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\win32\_win32sysloader.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\frozenlist\_frozenlist.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_aes.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_cfb.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_BLAKE2b.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\python311.dllJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_ecb.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp\_websocket\mask.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_RIPEMD160.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_ghash_portable.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\yarl\_quoting_c.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_lzma.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_des3.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\psutil\_psutil_windows.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_sqlite3.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_ssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Math\_modexp.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_ARC4.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_BLAKE2s.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Pythonwin\mfc140u.dllJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\multidict\_multidict.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp\_http_writer.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\propcache\_helpers_c.cp311-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-18301
    Source: C:\Users\user\Desktop\pbz3swuapf.exeAPI coverage: 2.5 %
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeFile Volume queried: \Device\CdRom0\ FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 0_2_00007FF7D78883B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7D78883B0
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 0_2_00007FF7D78892F0 FindFirstFileExW,FindClose,0_2_00007FF7D78892F0
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 0_2_00007FF7D78A18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7D78A18E4
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 1_2_00007FF7D78892F0 FindFirstFileExW,FindClose,1_2_00007FF7D78892F0
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 1_2_00007FF7D78A18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF7D78A18E4
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 1_2_00007FF7D78883B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF7D78883B0
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 1_2_00007FFDFAF93229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,1_2_00007FFDFAF93229
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 1_2_00007FFDFB96F8D0 GetSystemInfo,1_2_00007FFDFB96F8D0
    Source: pbz3swuapf.exe, 00000000.00000003.1705528066.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vboxtray
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: qemu-ga
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vboxservice
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware
    Source: pbz3swuapf.exe, 00000001.00000002.1764407419.00007FFDFAE1F000.00000002.00000001.01000000.00000028.sdmpBinary or memory string: vmCimC
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmwareuser
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmusrvc
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmhgfs.sys
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmsrvc
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmtoolsd
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmwaretray
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Tools
    Source: pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmmouse.sys
    Source: pbz3swuapf.exe, 00000001.00000003.1736137438.000001C1DBEEB000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1732913967.000001C1DBEFA000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1732186365.000001C1DBEFA000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1734447628.000001C1DBEFA000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758948813.000001C1DBEEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
    Source: C:\Users\user\Desktop\pbz3swuapf.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 1_2_00007FFDFAF9572C1_2_00007FFDFAF9572C
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 1_2_00007FFDFAF9572C rdtsc 1_2_00007FFDFAF9572C
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 0_2_00007FF7D789A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7D789A684
    Source: C:\Users\user\Desktop\pbz3swuapf.exeCode function: 0_2_00007FF7D78A34F0 GetProcessHeap,0_2_00007FF7D78A34F0
    Source: C:\Users\user\Desktop\pbz3swuapf.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 0_2_00007FF7D788C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7D788C910
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 0_2_00007FF7D789A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7D789A684
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 0_2_00007FF7D788D37C SetUnhandledExceptionFilter, 0_2_00007FF7D788D37C
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 0_2_00007FF7D788D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7D788D19C
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 1_2_00007FF7D788C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FF7D788C910
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 1_2_00007FF7D789A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FF7D789A684
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 1_2_00007FF7D788D37C SetUnhandledExceptionFilter, 1_2_00007FF7D788D37C
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 1_2_00007FF7D788D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FF7D788D19C
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 1_2_00007FFDFAE73028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FFDFAE73028
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 1_2_00007FFDFAE72A60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FFDFAE72A60
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 1_2_00007FFDFAF95A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FFDFAF95A1F
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 1_2_00007FFDFBA88000 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FFDFBA88000
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Process created: C:\Users\user\Desktop\pbz3swuapf.exe "C:\Users\user\Desktop\pbz3swuapf.exe"
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 0_2_00007FF7D78A95E0 cpuid 0_2_00007FF7D78A95E0
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\PublicKey VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Util VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Pythonwin VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp\_websocket VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\attrs-24.3.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\attrs-24.3.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\attrs-24.3.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\attrs-24.3.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\certifi VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\cryptography-44.0.0.dist-info\licenses VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\cryptography-44.0.0.dist-info\licenses VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\_ctypes.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\_bz2.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\_lzma.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Pythonwin VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\aiohttp VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\attrs-24.3.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\certifi VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\charset_normalizer VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\cryptography VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\frozenlist VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\sqlite3.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\_cffi_backend.cp311-win_amd64.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Pythonwin VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Pythonwin VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Pythonwin VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\select.pyd VolumeInformation
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\pyexpat.pyd VolumeInformation
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformation
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\_queue.pyd VolumeInformation
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\win32com VolumeInformation
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\win32com VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\win32com VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\Pythonwin VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exeQueries volume information: C:\Users\user\Desktop\pbz3swuapf.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682 VolumeInformation
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72682\_asyncio.pyd VolumeInformation
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 0_2_00007FF7D788D080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7D788D080
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 0_2_00007FF7D78A5C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7D78A5C70

    Stealing of Sensitive Information

    Source: Yara match, File source: Process Memory Space: pbz3swuapf.exe PID: 7324, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match, File source: Process Memory Space: pbz3swuapf.exe PID: 7324, type: MEMORYSTR
    Source: C:\Users\user\Desktop\pbz3swuapf.exe Code function: 1_2_00007FFDFAF92B5D bind,WSAGetLastError,1_2_00007FFDFAF92B5D
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 24 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Source | Detection | Scanner | Label | Link
    pbz3swuapf.exe | 22% | Virustotal | | Browse
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    http://178.208.187.105/7118723753_chat.txt0 | 0% | Avira URL Cloud | safe |
    https://requests.readthedocs.io0 | 0% | Avira URL Cloud | safe |
    https://www.attrs.org/en/24.3.0/_static/sponsors/ | 0% | Avira URL Cloud | safe |
    https://polar.sh/ | 0% | Avira URL Cloud | safe |
    https://api.namemc.com/profile/ | 0% | Avira URL Cloud | safe |
    https://www.attrs.org/en/24.3.0/_static/sponsors/FilePreviews.svg | 0% | Avira URL Cloud | safe |
    http://178.208.187.105/7118723753_chat.txt | 0% | Avira URL Cloud | safe |
    https://www.attrs.org/en/24.3.0/_static/sponsors/Variomedia.svg | 0% | Avira URL Cloud | safe |
    https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referral | 0% | Avira URL Cloud | safe |
    No contacted domains info
    Name | Malicious | Antivirus Detection | Reputation
    http://178.208.187.105/7118723753_chat.txt | false | Avira URL Cloud: safe | unknown
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                    high
                                                                                                    https://httpbin.org/pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.apache.org/licenses/pbz3swuapf.exe, 00000000.00000003.1706674418.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drfalse
                                                                                                        high
                                                                                                        https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainpbz3swuapf.exe, 00000000.00000003.1706303807.000001AC99A99000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-filepbz3swuapf.exe, 00000001.00000002.1764130918.00007FFDFAC47000.00000002.00000001.01000000.00000028.sdmpfalse
                                                                                                            high
                                                                                                            http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlpbz3swuapf.exe, 00000001.00000003.1732885097.000001C1DC46F000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1732794987.000001C1DC465000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_modulepbz3swuapf.exe, 00000001.00000003.1720196378.000001C1DBC81000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758759810.000001C1DBA80000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1720383209.000001C1DA093000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachespbz3swuapf.exe, 00000001.00000002.1758663240.000001C1DB840000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1720196378.000001C1DBC81000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1720383209.000001C1DA093000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://filepreviews.io/pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                    high
                                                                                                                    https://twitch.tvpbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.attrs.org/en/stable/why.html#data-classes)pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700731462.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99AA4000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                        high
                                                                                                                        http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC5AF000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC4C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://cryptography.io/en/latest/installation/pbz3swuapf.exe, 00000000.00000003.1706303807.000001AC99A99000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76pbz3swuapf.exe, 00000001.00000002.1761132613.000001C1DD50B000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1760646498.000001C1DD06A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/pypa/setuptools/issues/417#issuecomment-392298401pbz3swuapf.exe, 00000001.00000002.1759294589.000001C1DC180000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://polar.sh/pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://wiki.debian.org/XDGBaseDirectorySpecification#statepbz3swuapf.exe, 00000001.00000002.1758849419.000001C1DBC91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://crl.securetrust.com/STCA.crlpbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD248000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://www.cert.fnmt.es/dpcs/7Ypbz3swuapf.exe, 00000001.00000002.1761044957.000001C1DD407000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0pbz3swuapf.exe, 00000001.00000002.1761044957.000001C1DD407000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://tools.ietf.org/html/rfc6125#section-6.4.3pbz3swuapf.exe, 00000001.00000002.1761857693.000001C1DDBA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.attrs.org/en/stable/changelog.htmlpbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://discord.com/api/v6/guilds/pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.variomedia.de/pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                high
                                                                                                                                                http://www.cert.fnmt.es/dpcs/pbz3swuapf.exe, 00000001.00000002.1761044957.000001C1DD407000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://google.com/mailpbz3swuapf.exe, 00000001.00000002.1760646498.000001C1DCFE2000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC5AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://github.com/jaraco/jaraco.functools/issues/5pbz3swuapf.exe, 00000001.00000002.1760022565.000001C1DC780000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1760449096.000001C1DCDA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.accv.es00pbz3swuapf.exe, 00000001.00000002.1761044957.000001C1DD407000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758849419.000001C1DBC91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmpbz3swuapf.exe, 00000001.00000003.1732885097.000001C1DC46F000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1732794987.000001C1DC465000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.rfc-editor.org/info/rfc7253pbz3swuapf.exe, 00000001.00000002.1761223076.000001C1DD5E8000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD1F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://github.com/pyca/cryptography/issuespbz3swuapf.exe, 00000000.00000003.1706303807.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1764130918.00007FFDFAC47000.00000002.00000001.01000000.00000028.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD106000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://www.attrs.org/METADATA0.0.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://packaging.python.org/installing/pbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://mahler:8092/site-updates.pypbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD106000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://cryptography.io/pbz3swuapf.exe, 00000000.00000003.1706303807.000001AC99A99000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://discord.gg/pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://ip-api.com/jsonpbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).pbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://127.0.0.1:8443pbz3swuapf.exe, 00000001.00000002.1761044957.000001C1DD407000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761132613.000001C1DD4D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://www.attrs.org/en/24.3.0/_static/sponsors/Variomedia.svgpbz3swuapf.exe, 00000000.00000003.1700232221.000001AC99A96000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                http://www.firmaprofesional.com/cps0pbz3swuapf.exe, 00000001.00000002.1761044957.000001C1DD407000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referralpbz3swuapf.exe, 00000000.00000003.1713639718.000001AC99A99000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://docs.python.org/3/library/re.html#re.subpbz3swuapf.exe, 00000001.00000002.1760104067.000001C1DC890000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1739040759.000001C1DC726000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1739040759.000001C1DC6BD000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1760367614.000001C1DCCA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specpbz3swuapf.exe, 00000001.00000003.1720196378.000001C1DBC81000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1758759810.000001C1DBA80000.00000004.00001000.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000003.1720383209.000001C1DA093000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://github.com/urllib3/urllib3/issues/2920pbz3swuapf.exe, 00000001.00000002.1760752951.000001C1DD106000.00000004.00000020.00020000.00000000.sdmp, pbz3swuapf.exe, 00000001.00000002.1761775405.000001C1DDAA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://crl.securetrust.com/SGCA.crl0pbz3swuapf.exe, 00000001.00000002.1759479556.000001C1DC63A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                          • 75% < No. of IPs
IP:178.208.187.105
Domain:unknown
Country:Netherlands
ASN:22363
ASN Name:PHMGMT-AS1US
Malicious:false

IP:127.0.0.1
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1590645
Start date and time:2025-01-14 12:20:10 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 42s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:pbz3swuapf.exe
Detection:MAL
Classification:mal60.troj.evad.winEXE@6/108@0/2
EGA Information:
• Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 52.149.20.212
                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                          • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                          No simulations
                                                                                                                                                                                          No context
                                                                                                                                                                                          No context
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| PHMGMT-AS1US | mpsl.elf | malicious | Mirai | 45.255.179.197 |
| | sora.mpsl.elf | malicious | Mirai | 69.166.198.186 |
| | botx.mips.elf | malicious | Mirai | 45.255.179.187 |
| | Pe4905VGl1.bat | malicious | AsyncRAT | 178.208.169.197 |
| | N1f691bk5G.ps1 | malicious | AsyncRAT | 178.208.169.197 |
| | mips.nn.elf | malicious | Mirai, Okiru | 178.208.190.219 |
| | amen.ppc.elf | malicious | Mirai | 45.255.208.12 |
| | 2xPiYIsfF2.exe | malicious | AsyncRAT | 128.90.103.230 |
| | OhWWbQcp7Q.exe | malicious | AveMaria, UACMe | 128.90.129.125 |
| | hb21QzBgft.exe | malicious | AveMaria, UACMe | 128.90.129.125 |
                                                                                                                                                                                          No context
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_Salsa20.pyd | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc | |
| | LEmcGUQfA7.exe | malicious | Python Stealer, Creal Stealer | |
| | 3LcZO15oTC.exe | malicious | Unknown | |
| | main.exe | malicious | Discord Token Stealer | |
| | file.exe | malicious | Unknown | |
| | file.exe | malicious | Python Stealer | |
| | DChOtFdp9T.exe | malicious | CobaltStrike, Metasploit | |
| | 3OQL58yflv.exe | malicious | Metasploit | |
| | 7zip.exe | malicious | Unknown | |
| | main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER | |
| C:\Users\user\AppData\Local\Temp\_MEI72682\Crypto\Cipher\_ARC4.pyd | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc | |
| | LEmcGUQfA7.exe | malicious | Python Stealer, Creal Stealer | |
| | 3LcZO15oTC.exe | malicious | Unknown | |
| | 3LcZO15oTC.exe | malicious | Unknown | |
| | main.exe | malicious | Discord Token Stealer | |
| | file.exe | malicious | Unknown | |
| | file.exe | malicious | Python Stealer | |
| | DChOtFdp9T.exe | malicious | CobaltStrike, Metasploit | |
| | 3OQL58yflv.exe | malicious | Metasploit | |
| | 7zip.exe | malicious | Unknown | |
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11264
                                                                                                                                                                                                                                  Entropy (8bit):4.640339306680604
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
                                                                                                                                                                                                                                  MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
                                                                                                                                                                                                                                  SHA1:EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
                                                                                                                                                                                                                                  SHA-256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
                                                                                                                                                                                                                                  SHA-512:8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: LEmcGUQfA7.exe, Detection: malicious
• Filename: 3LcZO15oTC.exe, Detection: malicious
• Filename: 3LcZO15oTC.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: DChOtFdp9T.exe, Detection: malicious
• Filename: 3OQL58yflv.exe, Detection: malicious
• Filename: 7zip.exe, Detection: malicious
                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                  Entropy (8bit):5.0194545642425075
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                                                                                                                                  MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                                                                                                                                  SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                                                                                                                                  SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                                                                                                                                  SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: LEmcGUQfA7.exe, Detection: malicious
• Filename: 3LcZO15oTC.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: DChOtFdp9T.exe, Detection: malicious
• Filename: 3OQL58yflv.exe, Detection: malicious
• Filename: 7zip.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13312
                                                                                                                                                                                                                                  Entropy (8bit):5.037456384995606
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                                                                                                                                  MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                                                                                                                                  SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                                                                                                                                  SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                                                                                                                                  SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):14336
                                                                                                                                                                                                                                  Entropy (8bit):5.09191874780435
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                                                                                                                                  MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                                                                                                                                  SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                                                                                                                                  SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                                                                                                                                  SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):36352
                                                                                                                                                                                                                                  Entropy (8bit):6.541423493519083
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
                                                                                                                                                                                                                                  MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
                                                                                                                                                                                                                                  SHA1:7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
                                                                                                                                                                                                                                  SHA-256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
                                                                                                                                                                                                                                  SHA-512:11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):15360
                                                                                                                                                                                                                                  Entropy (8bit):5.367749645917753
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
                                                                                                                                                                                                                                  MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
                                                                                                                                                                                                                                  SHA1:0E41751AA48108D7924B0A70A86031DDE799D7D6
                                                                                                                                                                                                                                  SHA-256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
                                                                                                                                                                                                                                  SHA-512:E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                  Entropy (8bit):5.41148259289073
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
                                                                                                                                                                                                                                  MD5:F14E1AA2590D621BE8C10321B2C43132
                                                                                                                                                                                                                                  SHA1:FD84D11619DFFDF82C563E45B48F82099D9E3130
                                                                                                                                                                                                                                  SHA-256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
                                                                                                                                                                                                                                  SHA-512:A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):20992
                                                                                                                                                                                                                                  Entropy (8bit):6.041302713678401
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
                                                                                                                                                                                                                                  MD5:B127CAE435AEB8A2A37D2A1BC1C27282
                                                                                                                                                                                                                                  SHA1:2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
                                                                                                                                                                                                                                  SHA-256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
                                                                                                                                                                                                                                  SHA-512:4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):24576
                                                                                                                                                                                                                                  Entropy (8bit):6.530656045206549
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
                                                                                                                                                                                                                                  MD5:2E15AA6F97ED618A3236CFA920988142
                                                                                                                                                                                                                                  SHA1:A9D556D54519D3E91FA19A936ED291A33C0D1141
                                                                                                                                                                                                                                  SHA-256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
                                                                                                                                                                                                                                  SHA-512:A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                  Entropy (8bit):4.7080156150187396
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
                                                                                                                                                                                                                                  MD5:40390F2113DC2A9D6CFAE7127F6BA329
                                                                                                                                                                                                                                  SHA1:9C886C33A20B3F76B37AA9B10A6954F3C8981772
                                                                                                                                                                                                                                  SHA-256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
                                                                                                                                                                                                                                  SHA-512:617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12800
                                                                                                                                                                                                                                  Entropy (8bit):5.159963979391524
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
                                                                                                                                                                                                                                  MD5:899895C0ED6830C4C9A3328CC7DF95B6
                                                                                                                                                                                                                                  SHA1:C02F14EBDA8B631195068266BA20E03210ABEABC
                                                                                                                                                                                                                                  SHA-256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
                                                                                                                                                                                                                                  SHA-512:0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):14848
                                                                                                                                                                                                                                  Entropy (8bit):5.270418334522813
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                                                                                                                                  MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                                                                                                                                  SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                                                                                                                                  SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                                                                                                                                  SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):56832
                                                                                                                                                                                                                                  Entropy (8bit):4.231032526864278
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                                                                                                                                  MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                                                                                                                                  SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                                                                                                                                  SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                                                                                                                                  SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):57344
                                                                                                                                                                                                                                  Entropy (8bit):4.252429732285762
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                                                                                                                                  MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                                                                                                                                  SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                                                                                                                                  SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                                                                                                                                  SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                  Entropy (8bit):4.690163963718492
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                                                                                                                                  MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                                                                                                                                  SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                                                                                                                                  SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                                                                                                                                  SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22016
                                                                                                                                                                                                                                  Entropy (8bit):6.1215844022564285
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                                                                                                                                  MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                                                                                                                                  SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                                                                                                                                  SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                                                                                                                                  SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):17920
                                                                                                                                                                                                                                  Entropy (8bit):5.293810509074883
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                                                                                                                                  MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                                                                                                                                  SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                                                                                                                                  SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                                                                                                                                  SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11776
                                                                                                                                                                                                                                  Entropy (8bit):4.862619033406922
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                                                                                                                                  MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                                                                                                                                  SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                                                                                                                                  SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                                                                                                                                  SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):14336
                                                                                                                                                                                                                                  Entropy (8bit):5.227045547076371
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                                                                                                                                  MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                                                                                                                                  SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                                                                                                                                  SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                                                                                                                                  SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                  Entropy (8bit):5.176369829782773
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                                                                                                                                  MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                                                                                                                                  SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                                                                                                                                  SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                                                                                                                                  SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):14336
                                                                                                                                                                                                                                  Entropy (8bit):5.047563322651927
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                                                                                                                                  MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                                                                                                                                  SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                                                                                                                                  SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                                                                                                                                  SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                  Entropy (8bit):5.09893680790018
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
                                                                                                                                                                                                                                  MD5:F929B1A3997427191E07CF52AC883054
                                                                                                                                                                                                                                  SHA1:C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
                                                                                                                                                                                                                                  SHA-256:5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
                                                                                                                                                                                                                                  SHA-512:2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):15360
                                                                                                                                                                                                                                  Entropy (8bit):5.451865349855574
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
                                                                                                                                                                                                                                  MD5:1FA5E257A85D16E916E9C22984412871
                                                                                                                                                                                                                                  SHA1:1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
                                                                                                                                                                                                                                  SHA-256:D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
                                                                                                                                                                                                                                  SHA-512:E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                  Entropy (8bit):5.104245335186531
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
                                                                                                                                                                                                                                  MD5:FAD578A026F280C1AE6F787B1FA30129
                                                                                                                                                                                                                                  SHA1:9A3E93818A104314E172A304C3D117B6A66BEB55
                                                                                                                                                                                                                                  SHA-256:74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
                                                                                                                                                                                                                                  SHA-512:ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):17920
                                                                                                                                                                                                                                  Entropy (8bit):5.671305741258107
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
                                                                                                                                                                                                                                  MD5:556E6D0E5F8E4DA74C2780481105D543
                                                                                                                                                                                                                                  SHA1:7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
                                                                                                                                                                                                                                  SHA-256:247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
                                                                                                                                                                                                                                  SHA-512:28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21504
                                                                                                                                                                                                                                  Entropy (8bit):5.878701941774916
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:EJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1OhgkxEv:EcIRnHX1P/YtswvaD1Rk
                                                                                                                                                                                                                                  MD5:2F2655A7BBFE08D43013EDDA27E77904
                                                                                                                                                                                                                                  SHA1:33D51B6C423E094BE3E34E5621E175329A0C0914
                                                                                                                                                                                                                                  SHA-256:C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
                                                                                                                                                                                                                                  SHA-512:8AF99ACC969B0E560022F75A0CDCAA85D0BDEADADEACD59DD0C4500F94A5843EA0D4107789C1A613181B1F4E5252134A485EF6B1D9D83CDB5676C5FEE4D49B90
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21504
                                                                                                                                                                                                                                  Entropy (8bit):5.881781476285865
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:EJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD12gkxEv:EcIRnHXfP/YtswvaD1zk
                                                                                                                                                                                                                                  MD5:CDE035B8AB3D046B1CE37EEE7EE91FA0
                                                                                                                                                                                                                                  SHA1:4298B62ED67C8D4F731D1B33E68D7DC9A58487FF
                                                                                                                                                                                                                                  SHA-256:16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
                                                                                                                                                                                                                                  SHA-512:C44FDEE5A210459CE4557351E56B2D357FD4937F8EC8EACEAB842FEE29761F66C2262FCBAAC837F39C859C67FA0E23D13E0F60B3AE59BE29EB9D8ABAB0A572BB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):26624
                                                                                                                                                                                                                                  Entropy (8bit):5.837887867708438
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
                                                                                                                                                                                                                                  MD5:999D431197D7E06A30E0810F1F910B9A
                                                                                                                                                                                                                                  SHA1:9BFF781221BCFFD8E55485A08627EC2A37363C96
                                                                                                                                                                                                                                  SHA-256:AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
                                                                                                                                                                                                                                  SHA-512:A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):26624
                                                                                                                                                                                                                                  Entropy (8bit):5.895310340516013
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
                                                                                                                                                                                                                                  MD5:0931ABBF3AED459B1A2138B551B1D3BB
                                                                                                                                                                                                                                  SHA1:9EC0296DDAF574A89766A2EC035FC30073863AB0
                                                                                                                                                                                                                                  SHA-256:1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
                                                                                                                                                                                                                                  SHA-512:9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12800
                                                                                                                                                                                                                                  Entropy (8bit):4.967737129255606
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
                                                                                                                                                                                                                                  MD5:5F057A380BACBA4EF59C0611549C0E02
                                                                                                                                                                                                                                  SHA1:4B758D18372D71F0AA38075F073722A55B897F71
                                                                                                                                                                                                                                  SHA-256:BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
                                                                                                                                                                                                                                  SHA-512:E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13312
                                                                                                                                                                                                                                  Entropy (8bit):5.007867576025166
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
                                                                                                                                                                                                                                  MD5:49BCA1B7DF076D1A550EE1B7ED3BD997
                                                                                                                                                                                                                                  SHA1:47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
                                                                                                                                                                                                                                  SHA-256:49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
                                                                                                                                                                                                                                  SHA-512:8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):15872
                                                                                                                                                                                                                                  Entropy (8bit):5.226023387740053
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                                                                                                                                  MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                                                                                                                                  SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                                                                                                                                  SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                                                                                                                                  SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):14848
                                                                                                                                                                                                                                  Entropy (8bit):5.262055670423592
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                                                                                                                                  MD5:18D2D96980802189B23893820714DA90
                                                                                                                                                                                                                                  SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                                                                                                                                  SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                                                                                                                                  SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):36352
                                                                                                                                                                                                                                  Entropy (8bit):5.913843738203007
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                                                                                                                                  MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                                                                                                                                  SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                                                                                                                                  SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                                                                                                                                  SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                  Entropy (8bit):4.735350805948923
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                                                                                                                                  MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                                                                                                                                  SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                                                                                                                                  SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                                                                                                                                  SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22528
                                                                                                                                                                                                                                  Entropy (8bit):5.705606408072877
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                                                                                                                                  MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                                                                                                                                  SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                                                                                                                                  SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                                                                                                                                  SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):70656
                                                                                                                                                                                                                                  Entropy (8bit):6.0189903352673655
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                                                                                                                                  MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                                                                                                                                  SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                                                                                                                                  SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                                                                                                                                  SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):770560
                                                                                                                                                                                                                                  Entropy (8bit):7.613224993327352
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                                                  MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                                                                                                                                  SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                                                                                                                                  SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                                                                                                                                  SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):26112
                                                                                                                                                                                                                                  Entropy (8bit):5.8551858881598795
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                                                                                                                                  MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                                                                                                                                  SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                                                                                                                                  SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                                                                                                                                  SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):84992
                                                                                                                                                                                                                                  Entropy (8bit):6.064677498000638
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                                                                                                                                  MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                                                                                                                                  SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                                                                                                                                  SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                                                                                                                                  SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                  Entropy (8bit):4.675380950473425
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                                                                                                                                  MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                                                                                                                                  SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                                                                                                                                  SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                                                                                                                                  SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                  Entropy (8bit):4.625428549874022
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                                                                                                                                  MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                                                                                                                                  SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                                                                                                                                  SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                                                                                                                                  SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5653536
                                                                                                                                                                                                                                  Entropy (8bit):6.729079283804055
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                                                  MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                                                  SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                                                  SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                                                  SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1143296
                                                                                                                                                                                                                                  Entropy (8bit):6.0410832425584795
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:dk6co2gGIs7ZetrV6LMEsKK+Onc8fUqzFVVppS6yZAXz:dkG2QQetrgsK79qzFHL
                                                                                                                                                                                                                                  MD5:F0116137D0674482247D056642DC06BF
                                                                                                                                                                                                                                  SHA1:5BB63FCF5E569D94B61383D1921F758BCC48EF81
                                                                                                                                                                                                                                  SHA-256:8ECA3ED313003D3F3DEE1B7A5CE90B50E8477EC6E986E590E5ED91C919FC7564
                                                                                                                                                                                                                                  SHA-512:A8D6420C491766302C615E38DAF5D9B1698E5765125FD256530508E5C0A5675A7BF2F338A22368E0B4DDFA507D8D377507376C477CF9B829E28F3C399203CDE6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):98736
                                                                                                                                                                                                                                  Entropy (8bit):6.474996871326343
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
                                                                                                                                                                                                                                  MD5:F12681A472B9DD04A812E16096514974
                                                                                                                                                                                                                                  SHA1:6FD102EB3E0B0E6EEF08118D71F28702D1A9067C
                                                                                                                                                                                                                                  SHA-256:D66C3B47091CEB3F8D3CC165A43D285AE919211A0C0FCB74491EE574D8D464F8
                                                                                                                                                                                                                                  SHA-512:7D3ACCBF84DE73FB0C5C0DE812A9ED600D39CD7ED0F99527CA86A57CE63F48765A370E913E3A46FFC2CCD48EE07D823DAFDD157710EEF9E7CC1EB7505DC323A2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):38304
                                                                                                                                                                                                                                  Entropy (8bit):6.3923853431578035
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:Xhh4pTUUtmUwqiu8oSRjez6SD7GkxZYj/9zLUr:xJ9x70GkxuZz2
                                                                                                                                                                                                                                  MD5:75E78E4BF561031D39F86143753400FF
                                                                                                                                                                                                                                  SHA1:324C2A99E39F8992459495182677E91656A05206
                                                                                                                                                                                                                                  SHA-256:1758085A61527B427C4380F0C976D29A8BEE889F2AC480C356A3F166433BF70E
                                                                                                                                                                                                                                  SHA-512:CE4DAF46BCE44A89D21308C63E2DE8B757A23BE2630360209C4A25EB13F1F66A04FBB0A124761A33BBF34496F2F2A02B8DF159B4B62F1B6241E1DBFB0E5D9756
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):63864
                                                                                                                                                                                                                                  Entropy (8bit):6.138931224373156
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:PQ/9uukni8rAr1QxZIbmQhID5ntG7SytPxE:IVuHe5QxZIbmQhID5nYHxE
                                                                                                                                                                                                                                  MD5:2859C39887921DAD2FF41FEDA44FE174
                                                                                                                                                                                                                                  SHA1:FAE62FAF96223CE7A3E6F7389A9B14B890C24789
                                                                                                                                                                                                                                  SHA-256:AEBC378DB08617EA81A0A3A3BC044BCC7E6303E314630392DD51BAB12F879BD9
                                                                                                                                                                                                                                  SHA-512:790BE0C95C81EB6D410E53FE8018E2CA5EFD1838DC60539EBB011911C36C8478333EE95989CFD1DDAF4F892B537AE8305EB4CD893906930DEAE59C8965CF2FBB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):83328
                                                                                                                                                                                                                                  Entropy (8bit):6.532254531979707
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:douLz7p5Tcayt0KpkKWVa5cNRT8+smUxJIDtVH7SyD8Px:2uLz9meVamQ+sLxJIDtVHVsx
                                                                                                                                                                                                                                  MD5:4101128E19134A4733028CFAAFC2F3BB
                                                                                                                                                                                                                                  SHA1:66C18B0406201C3CFBBA6E239AB9EE3DBB3BE07D
                                                                                                                                                                                                                                  SHA-256:5843872D5E2B08F138A71FE9BA94813AFEE59C8B48166D4A8EB0F606107A7E80
                                                                                                                                                                                                                                  SHA-512:4F2FC415026D7FD71C5018BC2FFDF37A5B835A417B9E5017261849E36D65375715BAE148CE8F9649F9D807A63AC09D0FB270E4ABAE83DFA371D129953A5422CA
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):178176
                                                                                                                                                                                                                                  Entropy (8bit):6.165902427203749
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:87aw5iwiVHprp0+/aSdXUONX9dAXS7qkSTLkKh23/qZl:87kBVHplaSdRj4LkSTLLhW/q
                                                                                                                                                                                                                                  MD5:739D352BD982ED3957D376A9237C9248
                                                                                                                                                                                                                                  SHA1:961CF42F0C1BB9D29D2F1985F68250DE9D83894D
                                                                                                                                                                                                                                  SHA-256:9AEE90CF7980C8FF694BB3FFE06C71F87EB6A613033F73E3174A732648D39980
                                                                                                                                                                                                                                  SHA-512:585A5143519ED9B38BB53F912CEA60C87F7CE8BA159A1011CF666F390C2E3CC149E0AC601B008E039A0A78EAF876D7A3F64FFF612F5DE04C822C6E214BC2EFDE
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):123768
                                                                                                                                                                                                                                  Entropy (8bit):6.017133084000375
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:QC7Pgg3AwEWwSQJKoPfLSHcn0YJwyncXf9IDQPj6Exv:Qz5IX8jPfLSMJwykfoy
                                                                                                                                                                                                                                  MD5:6A9CA97C039D9BBB7ABF40B53C851198
                                                                                                                                                                                                                                  SHA1:01BCBD134A76CCD4F3BADB5F4056ABEDCFF60734
                                                                                                                                                                                                                                  SHA-256:E662D2B35BB48C5F3432BDE79C0D20313238AF800968BA0FAA6EA7E7E5EF4535
                                                                                                                                                                                                                                  SHA-512:DEDF7F98AFC0A94A248F12E4C4CA01B412DA45B926DA3F9C4CBC1D2CBB98C8899F43F5884B1BF1F0B941EDAEEF65612EA17438E67745962FF13761300910960D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):251768
                                                                                                                                                                                                                                  Entropy (8bit):6.543870948107038
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:3JhhPXoWcz5HvcQpq9Sr9pmHboiYE9qWM53pLW1AmXYWtmVS9G:fNXoWcznq9Sr9pyKFh6eS9G
                                                                                                                                                                                                                                  MD5:D47E6ACF09EAD5774D5B471AB3AB96FF
                                                                                                                                                                                                                                  SHA1:64CE9B5D5F07395935DF95D4A0F06760319224A2
                                                                                                                                                                                                                                  SHA-256:D0DF57988A74ACD50B2D261E8B5F2C25DA7B940EC2AAFBEE444C277552421E6E
                                                                                                                                                                                                                                  SHA-512:52E132CE94F21FA253FED4CF1F67E8D4423D8C30224F961296EE9F64E2C9F4F7064D4C8405CD3BB67D3CF880FE4C21AB202FA8CF677E3B4DAD1BE6929DBDA4E2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):63872
                                                                                                                                                                                                                                  Entropy (8bit):6.166853300594844
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:18njpHxGkYjEEEJkn8cw6ThID5IJt7SyiPx:GnjpHxRJ8w6ThID5IJtEx
                                                                                                                                                                                                                                  MD5:DE4D104EA13B70C093B07219D2EFF6CB
                                                                                                                                                                                                                                  SHA1:83DAF591C049F977879E5114C5FEA9BBBFA0AD7B
                                                                                                                                                                                                                                  SHA-256:39BC615842A176DB72D4E0558F3CDCAE23AB0623AD132F815D21DCFBFD4B110E
                                                                                                                                                                                                                                  SHA-512:567F703C2E45F13C6107D767597DBA762DC5CAA86024C87E7B28DF2D6C77CD06D3F1F97EED45E6EF127D5346679FEA89AC4DC2C453CE366B6233C0FA68D82692
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):158080
                                                                                                                                                                                                                                  Entropy (8bit):6.835761878596918
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:5mGf4k8d79MwyHiRr7tznf49mNoaGjQJplJIDe10Yhx:5Pf4FhMwyMAYOao6P
                                                                                                                                                                                                                                  MD5:337B0E65A856568778E25660F77BC80A
                                                                                                                                                                                                                                  SHA1:4D9E921FEAEE5FA70181EBA99054FFA7B6C9BB3F
                                                                                                                                                                                                                                  SHA-256:613DE58E4A9A80EFF8F8BC45C350A6EAEBF89F85FFD2D7E3B0B266BF0888A60A
                                                                                                                                                                                                                                  SHA-512:19E6DA02D9D25CCEF06C843B9F429E6B598667270631FEBE99A0D12FC12D5DA4FB242973A8351D3BF169F60D2E17FE821AD692038C793CE69DFB66A42211398E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):33144
                                                                                                                                                                                                                                  Entropy (8bit):6.322628273839125
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:7HI6RwgJ5xeTjOc88hnJ8RIDRtFBYiSyvg7PxWEwm:rIoJ5UTjOc88hJ8RIDRtFB7SyI7Px7
                                                                                                                                                                                                                                  MD5:1386DBC6DCC5E0BE6FEF05722AE572EC
                                                                                                                                                                                                                                  SHA1:470F2715FAFD5CAFA79E8F3B0A5434A6DA78A1BA
                                                                                                                                                                                                                                  SHA-256:0AE3BF383FF998886F97576C55D6BF0A076C24395CF6FCD2265316E9A6E8C007
                                                                                                                                                                                                                                  SHA-512:CA6E5C33273F460C951CB8EC1D74CE61C0025E2EAD6D517C18A6B0365341A0FD334E8976006CD62B72EB5620CCC42CFDD5196E8B10691B8F19F69F851A440293
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):49536
                                                                                                                                                                                                                                  Entropy (8bit):6.366550718884209
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:elMCtmIWpU6xgIiXgtloX1JuB65VIDst2YiSyvYPxWEwW:elMFxgIIJu45VIDst27SywPx
                                                                                                                                                                                                                                  MD5:01AD7CA8BC27F92355FD2895FC474157
                                                                                                                                                                                                                                  SHA1:15948CD5A601907FF773D0B48E493ADF0D38A1A6
                                                                                                                                                                                                                                  SHA-256:A083E83F609ED7A2FC18A95D44D8F91C9DC74842F33E19E91988E84DB94C3B5B
                                                                                                                                                                                                                                  SHA-512:8FE6AC8430F8DDE45C74F45575365753042642DC9FA9DEFBCF25AE1832BAF6ABB1EA1AD6D087E4ECE5D0590E36CEE1BEEA99845AEF6182C1EEC4BAFDF9557604
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):31104
                                                                                                                                                                                                                                  Entropy (8bit):6.35436407327013
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:cQuCvO+MZFryl9SDCg6rXv5mkWsnTBq9ID7UJIYiSy1pCQYIPxh8E9VF0Nyb9:cl+yFp6rXRmk5s9ID7UeYiSyv7PxWER
                                                                                                                                                                                                                                  MD5:FF8300999335C939FCCE94F2E7F039C0
                                                                                                                                                                                                                                  SHA1:4FF3A7A9D9CA005B5659B55D8CD064D2EB708B1A
                                                                                                                                                                                                                                  SHA-256:2F71046891BA279B00B70EB031FE90B379DBE84559CF49CE5D1297EA6BF47A78
                                                                                                                                                                                                                                  SHA-512:F29B1FD6F52130D69C8BD21A72A71841BF67D54B216FEBCD4E526E81B499B9B48831BB7CDFF0BFF6878AAB542CA05D6326B8A293F2FB4DD95058461C0FD14017
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):78200
                                                                                                                                                                                                                                  Entropy (8bit):6.239347454910878
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:HJlcAdpEVuju9/s+S+pJGQRivVia3i9IDQw17Sy+Px3sxi:H7ce+uju9/sT+pJGdvVp3i9IDQw1kxZ
                                                                                                                                                                                                                                  MD5:8140BDC5803A4893509F0E39B67158CE
                                                                                                                                                                                                                                  SHA1:653CC1C82BA6240B0186623724AEC3287E9BC232
                                                                                                                                                                                                                                  SHA-256:39715EF8D043354F0AB15F62878530A38518FB6192BC48DA6A098498E8D35769
                                                                                                                                                                                                                                  SHA-512:D0878FEE92E555B15E9F01CE39CFDC3D6122B41CE00EC3A4A7F0F661619F83EC520DCA41E35A1E15650FB34AD238974FE8019577C42CA460DDE76E3891B0E826
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):118656
                                                                                                                                                                                                                                  Entropy (8bit):6.2256831065058815
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:fArVnbGK9SGnh8u6rqMD6ciFCrl14zZvV9NdJRvdO5yt6sqM7VjEP/OsYpxtXr9T:YrVSK9SGnh8u6ESx5CVQP/yXZ
                                                                                                                                                                                                                                  MD5:D4324D1E8DB7FCF220C5C541FECCE7E3
                                                                                                                                                                                                                                  SHA1:1CAF5B23AE47F36D797BC6BDD5B75B2488903813
                                                                                                                                                                                                                                  SHA-256:DDBED9D48B17C54FD3005F5A868DD63CB8F3EFE2C22C1821CEBB2FE72836E446
                                                                                                                                                                                                                                  SHA-512:71D56D59E019CF42CEA88203D9C6E50F870CD5C4D5C46991ACBFF3AB9FF13F78D5DBF5D1C2112498FC7E279D41EE27DB279B74B4C08A60BB4098F9E8C296B5D8
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):159616
                                                                                                                                                                                                                                  Entropy (8bit):5.9948013841482926
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:qFrIQQey4VWR98w/PQQcXo8uOVrGxn+SQOXLkd1ItS+Q8YuAfxJIDt75EHx:eEeRV29//4QcJuOynyvxX
                                                                                                                                                                                                                                  MD5:069BCCC9F31F57616E88C92650589BDD
                                                                                                                                                                                                                                  SHA1:050FC5CCD92AF4FBB3047BE40202D062F9958E57
                                                                                                                                                                                                                                  SHA-256:CB42E8598E3FA53EEEBF63F2AF1730B9EC64614BDA276AB2CD1F1C196B3D7E32
                                                                                                                                                                                                                                  SHA-512:0E5513FBE42987C658DBA13DA737C547FF0B8006AECF538C2F5CF731C54DE83E26889BE62E5C8A10D2C91D5ADA4D64015B640DAB13130039A5A8A5AB33A723DC
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):23936
                                                                                                                                                                                                                                  Entropy (8bit):6.530276573558295
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:MPfwFpEW56TfQJIDew63IYiSy1pCQIJPxh8E9VF0NyYk:MPqpEbjQJIDew1YiSyvWPxWEW
                                                                                                                                                                                                                                  MD5:9A4957BDC2A783ED4BA681CBA2C99C5C
                                                                                                                                                                                                                                  SHA1:F73D33677F5C61DEB8A736E8DDE14E1924E0B0DC
                                                                                                                                                                                                                                  SHA-256:F7F57807C15C21C5AA9818EDF3993D0B94AEF8AF5808E1AD86A98637FC499D44
                                                                                                                                                                                                                                  SHA-512:027BDCB5B3E0CA911EE3C94C42DA7309EA381B4C8EC27CF9A04090FFF871DB3CF9B7B659FDBCFFF8887A058CB9B092B92D7D11F4F934A53BE81C29EF8895AC2B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):265216
                                                                                                                                                                                                                                  Entropy (8bit):6.186289897337711
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:JVuE3Lg7fl5Uk4KBzwqSVSo5h3fMAYVPAWE2AdrLDYRbqHoXc:LV387fcGzQVSo5oPAWExrHk
                                                                                                                                                                                                                                  MD5:BE4DAD1A4E2E7593F780674B0C609960
                                                                                                                                                                                                                                  SHA1:D997212B620532DFFCDF99C037E5FB85A89077FF
                                                                                                                                                                                                                                  SHA-256:56CF54823F9B5233DA02C9765379EF2B7726DDFE5FB208ED1064FADC5CC856C8
                                                                                                                                                                                                                                  SHA-512:44A68E7CFC8453C04A7E2E37398A7F1EF7C0B02D4982E9CFB0CABA0795D12B34AB0748951F36A9B5ED3CD9AC3E9A267A7036C0A8DB5718AF32D9560F5E19AB36
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):48128
                                                                                                                                                                                                                                  Entropy (8bit):5.755367269808252
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:C28XCt9bjLOY5QT92RiLJNumlSwR/diPGlHX6r8VV:CnX8xLOnT92WJQediPY6r8VV
                                                                                                                                                                                                                                  MD5:433715039A8E766B6DC805835ABB15A8
                                                                                                                                                                                                                                  SHA1:CE5F0348FD49F6F09ECAD985AB8A7086B4418016
                                                                                                                                                                                                                                  SHA-256:422CD07C474DAFCC9341CBE81D252333F5738E231DAD9E603D1189D41FE271A8
                                                                                                                                                                                                                                  SHA-512:42166CA281EC5337E3051A0A74004EA906660B85C38F687AEAD7E7C35B80FF72A4F0DDF40DDF61074A1A119AC38E184CD17DFF0AB647A0C14B9A909B7D5204CE
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):35840
                                                                                                                                                                                                                                  Entropy (8bit):5.594613826328377
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:lAtmQszKlY5u5fL9Cg+k7hgw8ZZkLMelIT0y17Pu:lfKlYMF0k7hgwMUy1L
                                                                                                                                                                                                                                  MD5:53C301F0E2DDB6D4CF159DD94520D85D
                                                                                                                                                                                                                                  SHA1:718C5B53F045C67E4851EACAA443612327F1F84B
                                                                                                                                                                                                                                  SHA-256:B0E0472DE84C6B4B3C7E615ED8309974387C2C268C2094F199A80C5F56805B1E
                                                                                                                                                                                                                                  SHA-512:1F575E9C9FF221F687D0E9137A7E160A68717895D749465545C896B90D89570D4B5F7FE9D816D071121C1DCFB387C022F8F9677BC3BEA75678B044D1117B8D97
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):164864
                                                                                                                                                                                                                                  Entropy (8bit):6.043700525008768
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:+VymFm+ShPi9g+bEx3X//qshOI56o6gik+Zfy7:+dFUEvQx3X/SsYI4VVlZfy7
                                                                                                                                                                                                                                  MD5:FEAE0E207D22BA166F9A5B7F5B7C45B7
                                                                                                                                                                                                                                  SHA1:59F0294CDB6251040A31013533B3473A5F21908B
                                                                                                                                                                                                                                  SHA-256:3511F04E76CDB347EA21B60FBC194DC6A60B15E9E5476B54D4B5C29E6864A762
                                                                                                                                                                                                                                  SHA-512:2788CA3839FB3600438A10B6AB8245BD21B4B4835F5B2EEE34FA6DCB1521CA7EE5BD333B3249C89EE10ED6D84BBAF39FC5C7C84E140DEEF4AACD807E1E4CCB4F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:pip.
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (411)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11654
                                                                                                                                                                                                                                  Entropy (8bit):5.225237436297847
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:WusRfi65kQk+kOkKkegJoiWiG/JDPVA1yzBdvrrOmoKT30oEJdQ/0G6lWg+JdQVg:WusQpLb3/oiWZ/JDP/zBdTrHoKD9gA6i
                                                                                                                                                                                                                                  MD5:0E682E7854FE836CAD441326AB36D36D
                                                                                                                                                                                                                                  SHA1:3EFAD7961F8F2DFB0A22A1EEABD3A92B9DA0AB23
                                                                                                                                                                                                                                  SHA-256:7FD8611027805324BB89EC073D1B8C2C3CB5B6927ABF2CBC47F4CA5270A6880F
                                                                                                                                                                                                                                  SHA-512:54FD3B0C98DCE7C11691D08CA22C9C8A74CD838D03723DDA3FBAC326EFC2550EDB892F9D45AA3956C9C5C35B8C20FE096F6A002DEE07150B437A1E7E76AC175A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.4.Name: attrs.Version: 24.3.0.Summary: Classes Without Boilerplate.Project-URL: Documentation, https://www.attrs.org/.Project-URL: Changelog, https://www.attrs.org/en/stable/changelog.html.Project-URL: GitHub, https://github.com/python-attrs/attrs.Project-URL: Funding, https://github.com/sponsors/hynek.Project-URL: Tidelift, https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi.Author-email: Hynek Schlawack <hs@ox.cx>.License-Expression: MIT.License-File: LICENSE.Keywords: attribute,boilerplate,class.Classifier: Development Status :: 5 - Production/Stable.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Language :: Python :: 3.13.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifie
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3556
                                                                                                                                                                                                                                  Entropy (8bit):5.79558353832013
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:QtukFmJPJooDwKVE50dwB18XbXm9qG3R5YC3XFfqGD+qLtxO:+uu6d418rXGPRWGXSiO
                                                                                                                                                                                                                                  MD5:C31F9F651ADD893DB81193D7B4F54AA9
                                                                                                                                                                                                                                  SHA1:745B7ECB5FFCEF145F10F92AC2DC969BDDA6F399
                                                                                                                                                                                                                                  SHA-256:3F4C872514E82078140DCAF518557221B471EE4305B131FBADAD8659D2BEBD00
                                                                                                                                                                                                                                  SHA-512:6984C4CAE53C279060C67A15F19A76630E0BD33BE24389BE0DC349F4CE62470D67397280F678508FC4F0BCFA4E99DCF47107E868F7EF2264C60ECDFDC4103A8B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:attr/__init__.py,sha256=fOYIvt1eGSqQre4uCS3sJWKZ0mwAuC8UD6qba5OS9_U,2057..attr/__init__.pyi,sha256=QIXnnHPoucmDWkbpNsWTP-cgJ1bn8le7DjyRa_wYdew,11281..attr/__pycache__/__init__.cpython-311.pyc,,..attr/__pycache__/_cmp.cpython-311.pyc,,..attr/__pycache__/_compat.cpython-311.pyc,,..attr/__pycache__/_config.cpython-311.pyc,,..attr/__pycache__/_funcs.cpython-311.pyc,,..attr/__pycache__/_make.cpython-311.pyc,,..attr/__pycache__/_next_gen.cpython-311.pyc,,..attr/__pycache__/_version_info.cpython-311.pyc,,..attr/__pycache__/converters.cpython-311.pyc,,..attr/__pycache__/exceptions.cpython-311.pyc,,..attr/__pycache__/filters.cpython-311.pyc,,..attr/__pycache__/setters.cpython-311.pyc,,..attr/__pycache__/validators.cpython-311.pyc,,..attr/_cmp.py,sha256=3umHiBtgsEYtvNP_8XrQwTCdFoZIX4DEur76N-2a3X8,4123..attr/_cmp.pyi,sha256=U-_RU_UZOyPUEQzXE6RMYQQcjkZRY25wTH99sN0s7MM,368..attr/_compat.py,sha256=4hlXbWhdDjQCDK6FKF1EgnZ3POiHgtpp54qE0nxaGHg,2704..attr/_config.py,sha256=dGq3xR6fgZEF6UBt_L0T-eUHIB4i43
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):87
                                                                                                                                                                                                                                  Entropy (8bit):4.730668933656452
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:RtEeXAaCTShvxP+tPCCfA5I:Rt2PehvxWBB3
                                                                                                                                                                                                                                  MD5:E2FCB0AD9EA59332C808928B4B439E7A
                                                                                                                                                                                                                                  SHA1:07311208D4849F821E8AF25A89A9985C4503FBD8
                                                                                                                                                                                                                                  SHA-256:AAD0B0A12256807936D52D4A6F88A1773236AE527564A688BAB4E3FE780E8724
                                                                                                                                                                                                                                  SHA-512:D4CB3CA64D69678959C4F59B4D1CB992E8E2E046A6ACB92341FD30B8CE862BD81A48CBFA09EC9AE2E735FFEC5C12D246D1593A859615ADEE10984635A9BA8AF9
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Wheel-Version: 1.0.Generator: hatchling 1.27.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1109
                                                                                                                                                                                                                                  Entropy (8bit):5.104415762129373
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:bGf8rUrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:bW8rUaJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                                                                  MD5:5E55731824CF9205CFABEAB9A0600887
                                                                                                                                                                                                                                  SHA1:243E9DD038D3D68C67D42C0C4BA80622C2A56246
                                                                                                                                                                                                                                  SHA-256:882115C95DFC2AF1EEB6714F8EC6D5CBCABF667CAFF8729F42420DA63F714E9F
                                                                                                                                                                                                                                  SHA-512:21B242BF6DCBAFA16336D77A40E69685D7E64A43CC30E13E484C72A93CD4496A7276E18137DC601B6A8C3C193CB775DB89853ECC6D6EB2956DEEE36826D5EBFE
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:The MIT License (MIT)..Copyright (c) 2015 Hynek Schlawack and the attrs contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHE
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1439447
                                                                                                                                                                                                                                  Entropy (8bit):5.586381782332628
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24576:6QRqL5TPAxNWlUKdcubgAnj90HtAWfh2dYMbPRMZdf9:6QRqL2xNbrp
                                                                                                                                                                                                                                  MD5:2A138E2EE499D3BA2FC4AFAEF93B7CAA
                                                                                                                                                                                                                                  SHA1:508C733341845E94FCE7C24B901FC683108DF2A8
                                                                                                                                                                                                                                  SHA-256:130E506EAD01B91B60D6D56072C468AEB5457DD0F2ECD6CE17DFCBB7D51A1F8C
                                                                                                                                                                                                                                  SHA-512:1F61A0FDA5676E8ED8D10DFEE78267F6D785F9C131F5CAF2DD984E18CA9E5866B7658AB7EDB2FFD74920A40FFEA5CD55C0419F5E9EE57A043105E729E10D820B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):294769
                                                                                                                                                                                                                                  Entropy (8bit):6.047057219398099
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:QW1x/M8fRRiplkXURrVADwYCuCCgT/Q5MSRqNb7d84u5Nahx:QWb/TRiLWURrId5MWavdX08/
                                                                                                                                                                                                                                  MD5:52A8319281308DE49CCEF4850A7245BC
                                                                                                                                                                                                                                  SHA1:43D20D833B084454311CA9B00DD7595C527CE3BB
                                                                                                                                                                                                                                  SHA-256:807897254F383A27F45E44F49656F378ABAB2141EDE43A4AD3C2420A597DD23F
                                                                                                                                                                                                                                  SHA-512:2764222C0CD8C862906AC0E3E51F201E748822FE9CE9B1008F3367FDD7F0DB7CC12BF86E319511157AF087DD2093C42E2D84232FAE023D35EE1E425E7C43382D
                                                                                                                                                                                                                                  Malicious:false
Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                  Entropy (8bit):4.821961098415509
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:RIp0fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCF2CQAAZW/olyc8H49:RAFCk2z1/t12iwU5usJFSCyAoccg
                                                                                                                                                                                                                                  MD5:E3D495CF14D857349554A3606A8E7210
                                                                                                                                                                                                                                  SHA1:DB0843B89A84FB37EFD3C76168BCB303174AAC29
                                                                                                                                                                                                                                  SHA-256:E21F4C40C29BE0B115463E7BB8A365946A4AFC152B9FFF602ABD41C6E0CE68A2
                                                                                                                                                                                                                                  SHA-512:8F69A16042E88BC51D30AD4C78D8240E2619104324E79E5F382975486BFB39B4E0A3C35976D08399300D7823D6A358104658374DAF36A513CE0774F3611D4D6E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):121344
                                                                                                                                                                                                                                  Entropy (8bit):5.916933725193865
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:pLnt36j53DaUzH7Tiu6nrD2LhacNlbRD9iTV/n:tnF6rqgha8mJ/
                                                                                                                                                                                                                                  MD5:BD18F35F8A56415EC604D97BD3DD44C4
                                                                                                                                                                                                                                  SHA1:63F51EB5DAFEB24327E3BCB63828336C920B4FCD
                                                                                                                                                                                                                                  SHA-256:F3501EBCE24205F3DC54192CD917EAB9A899FE936570650253D4C1466383EFF1
                                                                                                                                                                                                                                  SHA-512:3C1C268005F494413CD2F9409B64ED3A2C9AF558C0F317447AF2C27776406C61DCB28AE6720AF156145078EC565A14A3E12D409E57389BB3D4D10F8D7A92A7D1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:pip.
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5724
                                                                                                                                                                                                                                  Entropy (8bit):5.120429897887076
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:DlkQIUQIhQIKQILbQIRIaMPktjaVMxsxA2ncEvGDfe0HEdwGArNZG0JQTQCQx5Kw:dcPuPwsrcEvGDfe0HENA5w0JQTQ9x59H
                                                                                                                                                                                                                                  MD5:526D9AC9D8150602EC9ED8B9F4DE7102
                                                                                                                                                                                                                                  SHA1:DBA2CB32C21C4B0F575E77BBCDD4FA468056F5E3
                                                                                                                                                                                                                                  SHA-256:D95F491ED418DC302DB03804DAF9335CE21B2DF4704587E6851EF03E1F84D895
                                                                                                                                                                                                                                  SHA-512:FB13A2F6B64CB7E380A69424D484FC9B8758FA316A7A155FF062BFDACDCA8F2C5D2A03898CD099688B1C16A5A0EDCECFC42BF0D4D330926B10C3FCE9F5238643
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.3.Name: cryptography.Version: 44.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):16380
                                                                                                                                                                                                                                  Entropy (8bit):5.587607398047088
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:hXr1GL/l45jEVeKUZVhXau4WJU6F6Gotqw+Iq+NX6ih5VfUqb8q:hXOlMEVdcaiJU6F6Gotqw+/+96ih18q
                                                                                                                                                                                                                                  MD5:09AF09857B22A20B1237C76423D111A3
                                                                                                                                                                                                                                  SHA1:0FA4BECCCB7DE4B5F56A5A2E84D8751A089B136E
                                                                                                                                                                                                                                  SHA-256:18508C295D7D68317791CAB2DBFBFF1B79C19B1812A83C7A15A01FC8263D5249
                                                                                                                                                                                                                                  SHA-512:D0D0C5F728E4F7BD136465722AF8CEAAA83A7F70AA779C90F80EF7B5DDA837E58C8DD1740B8CA5CB27E84E37B9B9FDAA63C2242E8EA60D21EE2EA814F846211A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:cryptography-44.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-44.0.0.dist-info/METADATA,sha256=2V9JHtQY3DAtsDgE2vkzXOIbLfRwRYfmhR7wPh-E2JU,5724..cryptography-44.0.0.dist-info/RECORD,,..cryptography-44.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-44.0.0.dist-info/WHEEL,sha256=Hn9bytZpOGoR6M4U5xUTHC1AJpPD9B1xPrM4STxljEU,94..cryptography-44.0.0.dist-info/licenses/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-44.0.0.dist-info/licenses/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-44.0.0.dist-info/licenses/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=fcUqF1IcadxBSH0us1vCvob0OJOrPV3h30yZD8wsHo4,445..cryptography/__init__.py,sha256=XsRL_PxbU6UgoyoglAgJQSrJCP97ovBA8YIEQ2-uI68,762..cryptography/__pycache__/__about__.cpython-311.pyc,,..cryptography/__pycache__/__init__.cpython-311
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):94
                                                                                                                                                                                                                                  Entropy (8bit):5.0373614967294325
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:RtEeX5pG6vhP+tkKciH/KQb:RtvoKWKTQb
                                                                                                                                                                                                                                  MD5:A868F93FCF51C4F1C25658D54F994349
                                                                                                                                                                                                                                  SHA1:535C88A10911673DEABB7889D365E81729E483A6
                                                                                                                                                                                                                                  SHA-256:1E7F5BCAD669386A11E8CE14E715131C2D402693C3F41D713EB338493C658C45
                                                                                                                                                                                                                                  SHA-512:EC13CAC9DF03676640EF5DA033E8C2FAEE63916F27CC27B9C43F0824B98AB4A6ECB4C8D7D039FA6674EF189BDD9265C8ED509C1D80DFF610AEB9E081093AEB3D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Wheel-Version: 1.0.Generator: maturin (1.7.5).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):197
                                                                                                                                                                                                                                  Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                  MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                  SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                  SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                  SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11360
                                                                                                                                                                                                                                  Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                  MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                  SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                  SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                  SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1532
                                                                                                                                                                                                                                  Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                  MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                  SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                  SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                  SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):8292864
                                                                                                                                                                                                                                  Entropy (8bit):6.493076254122072
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:98304:Y4sf3zg+qUuQdPJMqYLSxuBLZqwt0kDO+5+O:cdeqYLSxuBLZrGjq+
                                                                                                                                                                                                                                  MD5:34293B976DA366D83C12D8EE05DE7B03
                                                                                                                                                                                                                                  SHA1:82B8EB434C26FCC3A5D9673C9B93663C0FF9BF15
                                                                                                                                                                                                                                  SHA-256:A2285C3F2F7E63BA8A17AB5D0A302740E6ADF7E608E0707A7737C1EC3BD8CECC
                                                                                                                                                                                                                                  SHA-512:0807EC7515186F0A989BB667150A84FF3BEBCC248625597BA0BE3C6F07AD60D70CF8A3F65191436EC16042F446D4248BF92FCD02212E459405948DB10F078B8E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):87040
                                                                                                                                                                                                                                  Entropy (8bit):5.923038424678
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:qundZwmaApD60dSpyT4DIk54S85QwvpC/vNZAg:nLwUpzAczh+wvpqvNZP
                                                                                                                                                                                                                                  MD5:E8CADECD9A3684DBA357FC0489C62492
                                                                                                                                                                                                                                  SHA1:4C488D097A85F9BC61F842E3DCF42E228B9885B3
                                                                                                                                                                                                                                  SHA-256:02053F53EB078BE1488735878DC68524F0E103342250A09EECAE3533D8E9C770
                                                                                                                                                                                                                                  SHA-512:2443C90931A9AD672938D13C60FDB564EE8AA9FCA85E0426445CE36C395AC9675B6F6488518FF16071731CF8E9A0C2F8DD3182120FD9A7DAF6FD2EE813D2C781
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3441504
                                                                                                                                                                                                                                  Entropy (8bit):6.097985120800337
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:49152:8TKuk2CQIU6iV9OjPWgBqIVRIaEv5LY/RnQ2ETEvrPnkbsYNPsNwsML1CPwDv3u6:Vv+KRi5KsEKsY+NwsG1CPwDv3uFfJu
                                                                                                                                                                                                                                  MD5:6F4B8EB45A965372156086201207C81F
                                                                                                                                                                                                                                  SHA1:8278F9539463F0A45009287F0516098CB7A15406
                                                                                                                                                                                                                                  SHA-256:976CE72EFD0A8AEEB6E21AD441AA9138434314EA07F777432205947CDB149541
                                                                                                                                                                                                                                  SHA-512:2C5C54842ABA9C82FB9E7594AE9E264AC3CBDC2CC1CD22263E9D77479B93636799D0F28235AC79937070E40B04A097C3EA3B7E0CD4376A95ED8CA90245B7891F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):35064
                                                                                                                                                                                                                                  Entropy (8bit):6.362215445656998
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:SB8J4ihYfwYiXGPc9orPji8i4DDQWvGaRQsTeCXS/Fzc7jsFruRXYV1ZE9DRCXjQ:rGHs4vpegQsTT0uj82S7Fp2DG4yshH
                                                                                                                                                                                                                                  MD5:32D36D2B0719DB2B739AF803C5E1C2F5
                                                                                                                                                                                                                                  SHA1:023C4F1159A2A05420F68DAF939B9AC2B04AB082
                                                                                                                                                                                                                                  SHA-256:128A583E821E52B595EB4B3DDA17697D3CA456EE72945F7ECCE48EDEDAD0E93C
                                                                                                                                                                                                                                  SHA-512:A0A68CFC2F96CB1AFD29DB185C940E9838B6D097D2591B0A2E66830DD500E8B9538D170125A00EE8C22B8251181B73518B73DE94BEEEDD421D3E888564A111C1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):702816
                                                                                                                                                                                                                                  Entropy (8bit):5.547832370836076
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:UUnBMlBGdU/t0voUYHgqRJd7a7+JLvrfX7bOI8Fp0D6WuHU2lvzR:UN/t0vMnffOI8Fp0D6TU2lvzR
                                                                                                                                                                                                                                  MD5:8769ADAFCA3A6FC6EF26F01FD31AFA84
                                                                                                                                                                                                                                  SHA1:38BAEF74BDD2E941CCD321F91BFD49DACC6A3CB6
                                                                                                                                                                                                                                  SHA-256:2AEBB73530D21A2273692A5A3D57235B770DAF1C35F60C74E01754A5DAC05071
                                                                                                                                                                                                                                  SHA-512:FAC22F1A2FFBFB4789BDEED476C8DAF42547D40EFE3E11B41FADBC4445BB7CA77675A31B5337DF55FDEB4D2739E0FB2CBCAC2FEABFD4CD48201F8AE50A9BD90B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):47616
                                                                                                                                                                                                                                  Entropy (8bit):5.315276044408234
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:j2vE6F6hmSrnDe651sYEYMXB/6BvE6n0/d3g:jAoVDeWlE5/6BvDni
                                                                                                                                                                                                                                  MD5:ECC0B2FCDA0485900F4B72B378FE4303
                                                                                                                                                                                                                                  SHA1:40D9571B8927C44AF39F9D2AF8821F073520E65A
                                                                                                                                                                                                                                  SHA-256:BCBB43CE216E38361CB108E99BAB86AE2C0F8930C86D12CADFCA703E26003CB1
                                                                                                                                                                                                                                  SHA-512:24FD07EB0149CB8587200C055F20FF8C260B8E626693C180CBA4E066194BED7E8721DDE758B583C93F7CB3D691B50DE6179BA86821414315C17B3D084D290E70
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):73728
                                                                                                                                                                                                                                  Entropy (8bit):5.828839746531406
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:SIjsHKa66nI3YeD+ElE0Dhhll7mjnQjZVUSdCGbbpyd:vgHKaI3YpMEIfllW4ZOSdCGbbpyd
                                                                                                                                                                                                                                  MD5:A263633F7D5F6B0AC882ADC23A19BC7F
                                                                                                                                                                                                                                  SHA1:26785740B2B9452DAD22AD6573130FA774198F57
                                                                                                                                                                                                                                  SHA-256:3D297D27CE61A6891DB6308EB07DCE20A4E80F88B49A0F4C12EC4CA21CB71136
                                                                                                                                                                                                                                  SHA-512:8397EB4BB3592565FC4178D7EC947588A2F91B56B692CFB5129F6364E914D1880C65CF1F328BA8DB14DE8F6EA5E5A87E86B662F39740970B7FEC8B44209A7778
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):67072
                                                                                                                                                                                                                                  Entropy (8bit):5.909516720609218
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:AGsHmR02IvVxv7WCyKm7c5Th4vBHTOvyyaZE:AYIvryCyKx5Th4v5OvyyO
                                                                                                                                                                                                                                  MD5:7A9632D241AD8B97BB50E8EF6DAC1CA6
                                                                                                                                                                                                                                  SHA1:29F0D5DE91A84FA58CF45FD134358254B7DA12ED
                                                                                                                                                                                                                                  SHA-256:DD0CCDEECA681645025CA0F562EA45B5B17A1EBFCF1688CD0647A950A2992E2F
                                                                                                                                                                                                                                  SHA-512:CA6AE6493961F722C07B2FACF272CAF428FD6BCD51A01C34271A18C5D898409C400E50BBAAB2771CBDC94B20041668BE8137242995C9096E511F635F1EA80BB9
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):198008
                                                                                                                                                                                                                                  Entropy (8bit):6.362387676939168
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:6SD0qUuvSsbk1ztMxTfyxh591VisxskpZFkjEVE/qCOeU19IDQhHVxB:6g0pJzmyxh59142WEG/u1Z
                                                                                                                                                                                                                                  MD5:1C0A578249B658F5DCD4B539EEA9A329
                                                                                                                                                                                                                                  SHA1:EFE6FA11A09DEDAC8964735F87877BA477BEC341
                                                                                                                                                                                                                                  SHA-256:D97F3E27130C267E7D3287D1B159F65559E84EAD9090D02A01B4C7DC663CD509
                                                                                                                                                                                                                                  SHA-512:7B21DCD7B64EEBA13BA8A618960190D1A272FA4805DEDCF8F9E1168AEBFE890B0CED991435ECBD353467A046FC0E8307F9A9BE1021742D7D93AA124C52CC49E6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):65920
                                                                                                                                                                                                                                  Entropy (8bit):6.085964919090515
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:Apw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJU:V/5k8cnzeJH9IDQ0K7SyOPx
                                                                                                                                                                                                                                  MD5:34E49BB1DFDDF6037F0001D9AEFE7D61
                                                                                                                                                                                                                                  SHA1:A25A39DCA11CDC195C9ECD49E95657A3E4FE3215
                                                                                                                                                                                                                                  SHA-256:4055D1B9E553B78C244143AB6B48151604003B39A9BF54879DEE9175455C1281
                                                                                                                                                                                                                                  SHA-512:EDB715654BAAF499CF788BCACD5657ADCF9F20B37B02671ABE71BDA334629344415ED3A7E95CB51164E66A7AA3ED4BF84ACB05649CCD55E3F64036F3178B7856
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5758328
                                                                                                                                                                                                                                  Entropy (8bit):6.089726305084683
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:98304:JdHwQkq3AAtsPv3XXTVEspHBMp4SsPxQpe2bx:JdHwQkq3AMsPvHXSpAxQpe2V
                                                                                                                                                                                                                                  MD5:9A24C8C35E4AC4B1597124C1DCBEBE0F
                                                                                                                                                                                                                                  SHA1:F59782A4923A30118B97E01A7F8DB69B92D8382A
                                                                                                                                                                                                                                  SHA-256:A0CF640E756875C25C12B4A38BA5F2772E8E512036E2AC59EB8567BF05FFBFB7
                                                                                                                                                                                                                                  SHA-512:9D9336BF1F0D3BC9CE4A636A5F4E52C5F9487F51F00614FC4A34854A315CE7EA8BE328153812DBD67C45C75001818FA63317EBA15A6C9A024FA9F2CAB163165B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):670208
                                                                                                                                                                                                                                  Entropy (8bit):6.035999626973864
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:ngSkceIv3zBJBQoXNi4LCQqAOffa1tpd5g:gSkc/v3zB9NiEWfa
                                                                                                                                                                                                                                  MD5:31C1BF2ACA5DF417F6CE2618C3EEFE7E
                                                                                                                                                                                                                                  SHA1:4C2F7FE265FF28396D03BA0CAB022BBD1785DBF2
                                                                                                                                                                                                                                  SHA-256:1DAF7C87B48554F1481BA4431102D0429704832E42E3563501B1FFDD3362FCD1
                                                                                                                                                                                                                                  SHA-512:5723145F718CC659ADD658BA545C5D810E7032842907BAB5C2335E3DE7F20FE69B58AA42512FD67EA8C6AA133E59E0C26BD90700BDD0D0171AF6C1E1C73A2719
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):134656
                                                                                                                                                                                                                                  Entropy (8bit):5.999117329459055
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:kLcVKY3tOSjPenBttgY/r06Yr27vJmxETaTX7wevxJ:kLcVKY3tOWPxY/rkqzJmxEmTXMev
                                                                                                                                                                                                                                  MD5:5D67ABF69A8939D13BEFB7DE9889B253
                                                                                                                                                                                                                                  SHA1:BCBBF88C05732D4E1E3811FD312425C1C92018D1
                                                                                                                                                                                                                                  SHA-256:615EB8A75F9ED9371A59DA8F31E27EE091C013DB0B9164A5124CA0656EA47CB4
                                                                                                                                                                                                                                  SHA-512:FA34EB05996C41F23524A8B4F1FAED0BDD41224D8E514AA57D568A55D2044C32798C1357F22C72AD79FD02948CAAD89B98B8E9B0AD2927E4A0169739335271CE
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):29056
                                                                                                                                                                                                                                  Entropy (8bit):6.49468173344972
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:5oR1ecReJKwHqUuI7A70RUZ9ID7GvIYiSy1pCQlIJNPxh8E9VF0NyUT2:ezeUeJlHqybG9ID7GQYiSyvCPxWEC
                                                                                                                                                                                                                                  MD5:97EE623F1217A7B4B7DE5769B7B665D6
                                                                                                                                                                                                                                  SHA1:95B918F3F4C057FB9C878C8CC5E502C0BD9E54C0
                                                                                                                                                                                                                                  SHA-256:0046EB32F873CDE62CF29AF02687B1DD43154E9FD10E0AA3D8353D3DEBB38790
                                                                                                                                                                                                                                  SHA-512:20EDC7EAE5C0709AF5C792F04A8A633D416DA5A38FC69BD0409AFE40B7FB1AFA526DE6FE25D8543ECE9EA44FD6BAA04A9D316AC71212AE9638BDEF768E661E0F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:pip.
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1050
                                                                                                                                                                                                                                  Entropy (8bit):5.072538194763298
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:1rmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:1aJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                                                                  MD5:7A7126E068206290F3FE9F8D6C713EA6
                                                                                                                                                                                                                                  SHA1:8E6689D37F82D5617B7F7F7232C94024D41066D1
                                                                                                                                                                                                                                  SHA-256:DB3F0246B1F9278F15845B99FEC478B8B506EB76487993722F8C6E254285FAF8
                                                                                                                                                                                                                                  SHA-512:C9F0870BC5D5EFF8769D9919E6D8DDE1B773543634F7D03503A9E8F191BD4ACC00A97E0399E173785D1B65318BAC79F41D3974AE6855E5C432AC5DACF8D13E8A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Copyright Jason R. Coombs..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTW
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):6301
                                                                                                                                                                                                                                  Entropy (8bit):5.107162422517841
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:W4rkAIG0wRg8wbNDdq6T9927uoU/GBpHFwTZ:Sq0wRg8wbNDdBh927uoU/GBRFi
                                                                                                                                                                                                                                  MD5:9E59BD13BB75B38EB7962BF64AC30D6F
                                                                                                                                                                                                                                  SHA1:70F6A68B42695D1BFA55ACB63D8D3351352B2AAC
                                                                                                                                                                                                                                  SHA-256:80C7A3B78EA0DFF1F57855EE795E7D33842A0827AA1EF4EE17EC97172A80C892
                                                                                                                                                                                                                                  SHA-512:67AC61739692ECC249EBDC8F5E1089F68874DCD65365DB1C389FDD0CECE381591A30B99A2774B8CAAA00E104F3E35FF3745AFF6F5F0781289368398008537AE7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.1.Name: setuptools.Version: 65.5.0.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.Project-URL: Documentation, https://setuptools.pypa.io/.Project-URL: Changelog, https://setuptools.pypa.io/en/stable/history.html.Keywords: CPAN PyPI distutils eggs package management.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: Topic :: System :: Systems Administration.Classifier: Topic :: Utilities.Requires-Python: >=3.7.License-File: LICENSE.Provides-Extra: certs.Provides-Extra: docs.Requi
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):37694
                                                                                                                                                                                                                                  Entropy (8bit):5.555787611309118
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:vSzcBlShgRUhbul9nXJkpIVh498WjXYH0+5+E/8mrnaDoaQP7IOQRJqxBPgof2yd:vc853yQXYAY8AKCT9r2/GsIVxE9Im
                                                                                                                                                                                                                                  MD5:087F72A04BB085627494651E36C4C513
                                                                                                                                                                                                                                  SHA1:1E39070E246F91D8926268A033C6F584E629E2DE
                                                                                                                                                                                                                                  SHA-256:BFB77A968E06417BD37023BF1A2D7F1AAE9D8E74231665D6699D5BB82BDBD7B0
                                                                                                                                                                                                                                  SHA-512:39CE042A20324C6B63A192D70E56B36318C45D04B810A6BD333D1D40B6DAAD947AFB9156C003BC86C700A59F0F25753416D754DA06C808814920F92582CB6058
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:_distutils_hack/__init__.py,sha256=TSekhUW1fdE3rjU3b88ybSBkJxCEpIeWBob4cEuU3ko,6128.._distutils_hack/__pycache__/__init__.cpython-311.pyc,,.._distutils_hack/__pycache__/override.cpython-311.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=JjjOniUA5XKl4N5_rtZmHrVp0baW_LoHsN0iPaX10iQ,151..pkg_resources/__init__.py,sha256=fT5Y3P1tcSX8sJomClUU10WHeFmvqyNZM4UZHzdpAvg,108568..pkg_resources/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/appdirs.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/zipp.cpython-311.pyc,,..pkg_resources/_vendor/appdirs.py,sha256=MievUEuv3l_mQISH5SF0shDk_BNhHHzYiAPrT3ITN4I,24701..pkg_resources/_vendor/importlib_resources/__init__.py,sha256=evPm12kLgYqTm-pbzm60bOuumumT8IpBNWFp0uMyrzE,506..pkg_resources/_vendor/importli
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):92
                                                                                                                                                                                                                                  Entropy (8bit):4.820827594031884
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:RtEeX7MWcSlViZHKRRP+tPCCfA5S:RtBMwlViojWBBf
                                                                                                                                                                                                                                  MD5:4D57030133E279CEB6A8236264823DFD
                                                                                                                                                                                                                                  SHA1:0FDC3988857C560E55D6C36DCC56EE21A51C196D
                                                                                                                                                                                                                                  SHA-256:1B5E87E00DC87A84269CEAD8578B9E6462928E18A95F1F3373C9EEF451A5BCC0
                                                                                                                                                                                                                                  SHA-512:CD98F2A416AC1B13BA82AF073D0819C0EA7C095079143CAB83037D48E9A5450D410DC5CF6B6CFF3F719544EDF1C5F0C7E32E87B746F1C04FE56FAFD614B39826
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2740
                                                                                                                                                                                                                                  Entropy (8bit):4.540737240939103
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:lELcZDy3g6ySDsm90rZh2Phv4hhpTqTog:yLAP8arZoP94hTTqcg
                                                                                                                                                                                                                                  MD5:D3262B65DB35BFFAAC248075345A266C
                                                                                                                                                                                                                                  SHA1:93AD6FE5A696252B9DEF334D182432CDA2237D1D
                                                                                                                                                                                                                                  SHA-256:DEC880BB89189B5C9B1491C9EE8A2AA57E53016EF41A2B69F5D71D1C2FBB0453
                                                                                                                                                                                                                                  SHA-512:1726750B22A645F5537C20ADDF23E3D3BAD851CD4BDBA0F9666F9F6B0DC848F9919D7AF8AD8847BD4F18D0F8585DDE51AFBAE6A4CAD75008C3210D17241E0291
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build = setuptools.command.build:build.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.editable_wheel = setuptools.command.editable_wheel:editable_wheel.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.seto
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                  Entropy (8bit):3.9115956018096876
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:3Wd+Nt8AfQYv:3Wd+Nttv
                                                                                                                                                                                                                                  MD5:789A691C859DEA4BB010D18728BAD148
                                                                                                                                                                                                                                  SHA1:AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249
                                                                                                                                                                                                                                  SHA-256:77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
                                                                                                                                                                                                                                  SHA-512:BC2F7CAAD486EB056CB9F68E6C040D448788C3210FF028397CD9AF1277D0051746CAE58EB172F9E73EA731A65B2076C6091C10BCB54D911A7B09767AA6279EF6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:_distutils_hack.pkg_resources.setuptools.
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1481088
                                                                                                                                                                                                                                  Entropy (8bit):6.569811736013214
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24576:GjhOK/D8n/vDz5YZ/9T6F2MkEvTPdZklaOPSwfzDJ8CVjBx+Xt4V9zQXeRxd:IX/CDzGZ1T01TPPk76oDJ8qKXavzQOR
                                                                                                                                                                                                                                  MD5:AC633A9EB00F3B165DA1181A88BB2BDA
                                                                                                                                                                                                                                  SHA1:D8C058A4F873FAA6D983E9A5A73A218426EA2E16
                                                                                                                                                                                                                                  SHA-256:8D58DB3067899C997C2DB13BAF13CD4136F3072874B3CA1F375937E37E33D800
                                                                                                                                                                                                                                  SHA-512:4BF6A3AAFF66AE9BF6BC8E0DCD77B685F68532B05D8F4D18AAA7636743712BE65AB7565C9A5C513D5EB476118239FB648084E18B4EF1A123528947E68BD00A97
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1138040
                                                                                                                                                                                                                                  Entropy (8bit):5.434701276929729
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:JbYefjwR6nbJonRiPDjRrO518BEPYPx++ZiLKGZ5KXyVH4eDS0E:tYeMQ0IDJc+EwPgPOG6Xyd46S0E
                                                                                                                                                                                                                                  MD5:BC58EB17A9C2E48E97A12174818D969D
                                                                                                                                                                                                                                  SHA1:11949EBC05D24AB39D86193B6B6FCFF3E4733CFD
                                                                                                                                                                                                                                  SHA-256:ECF7836AA0D36B5880EB6F799EC402B1F2E999F78BFFF6FB9A942D1D8D0B9BAA
                                                                                                                                                                                                                                  SHA-512:4AA2B2CE3EB47503B48F6A888162A527834A6C04D3B49C562983B4D5AAD9B7363D57AEF2E17FE6412B89A9A3B37FB62A4ADE4AFC90016E2759638A17B1DEAE6C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):14848
                                                                                                                                                                                                                                  Entropy (8bit):5.113812591033072
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:rCm72PEO1jIUs0YqEcPbF55UgCWV4rofnDPdRD0hvHvcqvn7ycIt/G/:rardA0Bzx14r6nDrOhv+O/
                                                                                                                                                                                                                                  MD5:B58CA169FDCFFAB726391D3906DD9A4E
                                                                                                                                                                                                                                  SHA1:C4BB8DA84A5D9C31D0ACB7A4127F55E696F414DF
                                                                                                                                                                                                                                  SHA-256:1A8DCDBD730166889C03FAF285DC1DD9F16090DFE81043D80A9D6308300EBAC9
                                                                                                                                                                                                                                  SHA-512:AA23DEBF80D89A40677D1BF1C7C6C3445A79E76419865B86D0D6A605656478067EBEA2752348FCF77D583D2E5DCD284DA7F55F751D6441E647565DA77F982966
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):133120
                                                                                                                                                                                                                                  Entropy (8bit):5.849201651779307
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:znvpE3JJ/Q7DspOCQUUU40Oc3lRVFhLaNzvBii7qQvmwCoY9LQPe:T4xG4pOCQUUU4rWlRVgv5qQSoY9
                                                                                                                                                                                                                                  MD5:D02300D803850C3B0681E16130FECEE4
                                                                                                                                                                                                                                  SHA1:6411815E2A908432A640719ECFE003B43BBBA35C
                                                                                                                                                                                                                                  SHA-256:B938C8CD68B15EC62F053045A764D8DD38162A75373B305B4CF1392AC05DF5F9
                                                                                                                                                                                                                                  SHA-512:6FAD1836614869AB3BB624BDA9943CEAF9E197B17CA4F4FFE78699492B72F95EEE02AE1BB07C0508438956BEF10CC1E656DDF75D0EDC9EF71A3860AF39075564
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):23552
                                                                                                                                                                                                                                  Entropy (8bit):5.281874510289411
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:9eeH8ZmV+zknwMswDuVQO0T8DmMel2/QEVR7AWCq5yn9ukF1B3:N+zi/uVQ1Q/QEVR1NUpB
                                                                                                                                                                                                                                  MD5:965E9833F4CD7A45C2C1EE85EFC2DA3B
                                                                                                                                                                                                                                  SHA1:3C6888194AD30E17DC5EEA7418133A541BCDDF07
                                                                                                                                                                                                                                  SHA-256:5ECD0274DC220312824BB3086B3E129E38A9DCB06913A2F6173A94DC256BF4C5
                                                                                                                                                                                                                                  SHA-512:F8C4E0C82A8229B3BDB897B536EE73B5D2A9A2810B73DCC77C880961A9A16E43746234A108A9A15BF18638FCFB3086E0F5EEFD85D5BF6F799718DC6F199C4A26
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):535040
                                                                                                                                                                                                                                  Entropy (8bit):6.1723495244729625
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:SBetHVSFgAXb3MWUF6w7FK3oHPl8eqTOU:SQkgAL3Md983C8eq
                                                                                                                                                                                                                                  MD5:43AA404015B0CEE369E941DC30B3F4B0
                                                                                                                                                                                                                                  SHA1:A34CBA0D08A17934D84B16FCFF5282367EAA08AA
                                                                                                                                                                                                                                  SHA-256:3FB83E9A14901321324F17D11DA50802B6777733E1EE0FD4F89DB0FD09C61690
                                                                                                                                                                                                                                  SHA-512:A8548F39F371B2389EEA45DA4248FFC015F5B243E957BD12B88661DB91D4D745A1CD1E772BDD6C739A87E69A88947FB58248BB394E1C5D21C0A9324EFC87724B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):97280
                                                                                                                                                                                                                                  Entropy (8bit):5.966412260554208
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:TaN8DbzRiH4vvKMbyRk0edYfOLRBLdQ8hC4go1CzeTg5RRNpp:2N890U2Rk0GrQSfCzeERRN
                                                                                                                                                                                                                                  MD5:17B333181C4286E91DFEE9D182DED637
                                                                                                                                                                                                                                  SHA1:09BFD38B4F46C5B9D118BD9943920AB4B4058CCD
                                                                                                                                                                                                                                  SHA-256:36975A42953E5B6DEA22F1398C20CC44C4881E3E16EEF0CA757C27E969ECC6B0
                                                                                                                                                                                                                                  SHA-512:A0AC829170AC6424B53AE7FAC580E2CEDC77B2BDDB6A24437542E20E7EF65270F53DCDEDD920FFBAEBE8BF5E32A2B4F2FE9DB76D2C729A6022E2B88DB74EB1BB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                  Entropy (8bit):7.997189459418559
                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                  • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                  • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                  File name:pbz3swuapf.exe
                                                                                                                                                                                                                                  File size:22'120'553 bytes
                                                                                                                                                                                                                                  MD5:170c87f28c0983e4263759e9f9f39ee0
                                                                                                                                                                                                                                  SHA1:49491aa3db74c005763597d15d74f6a252010e57
                                                                                                                                                                                                                                  SHA256:14b0435d8e3583abc0b622b0a6d5b07544f045dfcbf5058c008acc7def5252ad
                                                                                                                                                                                                                                  SHA512:5d31983e97fc3f224948dc5be0243e200191a56a69b73ef155fba8b7fb659e4d51e8cd3f26400abde5bf55047c67181832f562fe0a5b543c75fa4b1de3469674
                                                                                                                                                                                                                                  SSDEEP:393216:59Yi2Vlj87dt8Wdq9Nuwq3Obs2ClzbjdQJlAwF3MnG3Cbl5L/5/0V1exWx7y7u0G:59Yi2Vl8ZO82Nuwq3ObRqzXdQZ3MGUbw
                                                                                                                                                                                                                                  TLSH:CC273356BB600CE7E4930539C42BD768E772AE654B70DA1E43A4129A0F9B3D03E3DEC5
                                                                                                                                                                                                                                  Icon Hash:4a464cd47461e179
                                                                                                                                                                                                                                  Entrypoint:0x14000ce20
                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                  Time Stamp:0x678601B8 [Tue Jan 14 06:18:32 2025 UTC]
                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                  Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                  sub esp, 28h
                                                                                                                                                                                                                                  call 00007F5050D3F8BCh
                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                  add esp, 28h
                                                                                                                                                                                                                                  jmp 00007F5050D3F4DFh
                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                  int3
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca34 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2238 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f70 | 0x2a000 | b8c3814c5fb0b18492ad4ec2ffe0830a | False | 0.5518740699404762 | data | 6.489205819736506 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a28 | 0x12c00 | a6f1f88a78342db9d29418d886b1e6d8 | False | 0.5242838541666667 | data | 5.750730482418538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2238 | 0x2400 | 9cd1eac931545f28ab09329f8bfce843 | False | 0.4697265625 | data | 5.2645170849678795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0xf41c | 0xf600 | 455788c285fcfdcb4008bc77e762818a | False | 0.803099593495935 | data | 7.5549760623589695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x47208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x480b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x48958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x48ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x523ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x54994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x55a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x55ea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x55f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857

DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 14, 2025 12:21:09.103987932 CET | 49731 | 80 | 192.168.2.4 | 178.208.187.105
Jan 14, 2025 12:21:09.109216928 CET | 80 | 49731 | 178.208.187.105 | 192.168.2.4
Jan 14, 2025 12:21:09.109297037 CET | 49731 | 80 | 192.168.2.4 | 178.208.187.105
Jan 14, 2025 12:21:09.109338999 CET | 49731 | 80 | 192.168.2.4 | 178.208.187.105
Jan 14, 2025 12:21:09.114175081 CET | 80 | 49731 | 178.208.187.105 | 192.168.2.4
Jan 14, 2025 12:21:09.833120108 CET | 80 | 49731 | 178.208.187.105 | 192.168.2.4
Jan 14, 2025 12:21:09.834052086 CET | 49731 | 80 | 192.168.2.4 | 178.208.187.105
Jan 14, 2025 12:21:09.835175037 CET | 49732 | 80 | 192.168.2.4 | 178.208.187.105
Jan 14, 2025 12:21:09.839332104 CET | 80 | 49731 | 178.208.187.105 | 192.168.2.4
Jan 14, 2025 12:21:09.839396954 CET | 49731 | 80 | 192.168.2.4 | 178.208.187.105
Jan 14, 2025 12:21:09.840054989 CET | 80 | 49732 | 178.208.187.105 | 192.168.2.4
Jan 14, 2025 12:21:09.840154886 CET | 49732 | 80 | 192.168.2.4 | 178.208.187.105
Jan 14, 2025 12:21:09.840194941 CET | 49732 | 80 | 192.168.2.4 | 178.208.187.105
                                                                                                                                                                                                                                  Jan 14, 2025 12:21:09.845009089 CET8049732178.208.187.105192.168.2.4
                                                                                                                                                                                                                                  Jan 14, 2025 12:21:10.550132036 CET8049732178.208.187.105192.168.2.4
                                                                                                                                                                                                                                  Jan 14, 2025 12:21:10.550784111 CET4973280192.168.2.4178.208.187.105
                                                                                                                                                                                                                                  Jan 14, 2025 12:21:10.557997942 CET8049732178.208.187.105192.168.2.4
                                                                                                                                                                                                                                  Jan 14, 2025 12:21:10.558060884 CET4973280192.168.2.4178.208.187.105
                                                                                                                                                                                                                                  • 178.208.187.105
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 178.208.187.105 | 80 | 7324 | C:\Users\user\Desktop\pbz3swuapf.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 12:21:09.109338999 CET | 167 | OUT | GET /bababa31692_token.txt HTTP/1.1
                                                                                                                                                                                                                                  Host: 178.208.187.105
                                                                                                                                                                                                                                  User-Agent: python-requests/2.32.3
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                  Connection: keep-alive
Jan 14, 2025 12:21:09.833120108 CET | 354 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Tue, 14 Jan 2025 11:21:09 GMT
                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                  Last-Modified: Sat, 11 Jan 2025 14:51:22 GMT
                                                                                                                                                                                                                                  ETag: "2e-62b6f5849b585"
                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                  Content-Length: 46
                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                  Data Raw: 38 31 32 34 33 38 33 35 39 31 3a 41 41 45 66 46 72 68 37 4f 37 78 6a 77 61 72 79 47 31 41 43 63 44 4a 79 52 61 48 50 59 4b 48 6b 6a 4c 55
                                                                                                                                                                                                                                  Data Ascii: 8124383591:AAEfFrh7O7xjwaryG1ACcDJyRaHPYKHkjLU


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 178.208.187.105 | 80 | 7324 | C:\Users\user\Desktop\pbz3swuapf.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 12:21:09.840194941 CET | 165 | OUT | GET /7118723753_chat.txt HTTP/1.1
                                                                                                                                                                                                                                  Host: 178.208.187.105
                                                                                                                                                                                                                                  User-Agent: python-requests/2.32.3
                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                  Connection: keep-alive
Jan 14, 2025 12:21:10.550132036 CET | 317 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Tue, 14 Jan 2025 11:21:10 GMT
                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                  Last-Modified: Tue, 14 Jan 2025 06:17:10 GMT
                                                                                                                                                                                                                                  ETag: "a-62ba482d94e4b"
                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                  Content-Length: 10
                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                                                                                                  Data Raw: 37 31 31 38 37 32 33 37 35 33
                                                                                                                                                                                                                                  Data Ascii: 7118723753



                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                  Start time:06:21:02
                                                                                                                                                                                                                                  Start date:14/01/2025
                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\pbz3swuapf.exe"
                                                                                                                                                                                                                                  Imagebase:0x7ff7d7880000
                                                                                                                                                                                                                                  File size:22'120'553 bytes
                                                                                                                                                                                                                                  MD5 hash:170C87F28C0983E4263759E9F9F39EE0
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                  Start time:06:21:05
                                                                                                                                                                                                                                  Start date:14/01/2025
                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\pbz3swuapf.exe"
                                                                                                                                                                                                                                  Imagebase:0x7ff7d7880000
                                                                                                                                                                                                                                  File size:22'120'553 bytes
                                                                                                                                                                                                                                  MD5 hash:170C87F28C0983E4263759E9F9F39EE0
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                  Start time:06:21:07
                                                                                                                                                                                                                                  Start date:14/01/2025
                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                                                  Imagebase:0x7ff6a2a10000
                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                  Start time:06:21:07
                                                                                                                                                                                                                                  Start date:14/01/2025
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                  Has exited:true


                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                    Execution Coverage:10.3%
                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                    Signature Coverage:19.6%
                                                                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                                                                    Total number of Limit Nodes:76
7ff7d7890eb6 18264->18265 18267 7ff7d7894f78 _get_daylight 11 API calls 18264->18267 18266 7ff7d7894f78 _get_daylight 11 API calls 18265->18266 18265->18269 18268 7ff7d7890f60 18266->18268 18270 7ff7d7890eab 18267->18270 18271 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 18268->18271 18269->18146 18272 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 18270->18272 18271->18269 18272->18265 18275 7ff7d789ecad 18273->18275 18274 7ff7d7894f78 _get_daylight 11 API calls 18276 7ff7d789ecbc 18274->18276 18277 7ff7d789524d 18275->18277 18278 7ff7d789ecb2 18275->18278 18280 7ff7d789ecfc 18275->18280 18279 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 18276->18279 18277->18120 18277->18127 18278->18274 18278->18277 18279->18277 18280->18277 18281 7ff7d7894f78 _get_daylight 11 API calls 18280->18281 18281->18276 18283 7ff7d78982b5 18282->18283 18284 7ff7d78982c8 18282->18284 18285 7ff7d7894f78 _get_daylight 11 API calls 18283->18285 18292 7ff7d7897f2c 18284->18292 18287 7ff7d78982ba 18285->18287 18289 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 18287->18289 18290 7ff7d78982c6 18289->18290 18290->17447 18299 7ff7d78a0348 EnterCriticalSection 18292->18299 18301 7ff7d78887a1 GetTokenInformation 18300->18301 18302 7ff7d7888823 __std_exception_copy 18300->18302 18303 7ff7d78887c2 GetLastError 18301->18303 18304 7ff7d78887cd 18301->18304 18305 7ff7d7888836 CloseHandle 18302->18305 18306 7ff7d788883c 18302->18306 18303->18302 18303->18304 18304->18302 18307 7ff7d78887e9 GetTokenInformation 18304->18307 18305->18306 18306->17452 18307->18302 18308 7ff7d788880c 18307->18308 18308->18302 18309 7ff7d7888816 ConvertSidToStringSidW 18308->18309 18309->18302 18311 7ff7d788c8c0 18310->18311 18312 7ff7d7882b74 GetCurrentProcessId 18311->18312 18313 7ff7d78826b0 48 API calls 18312->18313 18314 7ff7d7882bc7 18313->18314 18315 7ff7d7894c48 48 API calls 18314->18315 18316 7ff7d7882c10 MessageBoxW 18315->18316 18317 7ff7d788c5c0 _log10_special 8 API calls 18316->18317 
18318 7ff7d7882c40 18317->18318 18318->17463 18320 7ff7d78825e5 18319->18320 18321 7ff7d7894c48 48 API calls 18320->18321 18322 7ff7d7882604 18321->18322 18322->17471 18358 7ff7d7898804 18323->18358 18327 7ff7d78881cc 18326->18327 18328 7ff7d7889400 2 API calls 18327->18328 18329 7ff7d78881eb 18328->18329 18330 7ff7d78881f3 18329->18330 18331 7ff7d7888206 ExpandEnvironmentStringsW 18329->18331 18332 7ff7d7882810 49 API calls 18330->18332 18333 7ff7d788822c __std_exception_copy 18331->18333 18357 7ff7d78881ff __std_exception_copy 18332->18357 18334 7ff7d7888230 18333->18334 18335 7ff7d7888243 18333->18335 18336 7ff7d788c5c0 _log10_special 8 API calls 18357->18336 18399 7ff7d78a15c8 18358->18399 18458 7ff7d78a1340 18399->18458 18479 7ff7d78a0348 EnterCriticalSection 18458->18479 18489 7ff7d788455a 18488->18489 18490 7ff7d7889400 2 API calls 18489->18490 18491 7ff7d788457f 18490->18491 18492 7ff7d788c5c0 _log10_special 8 API calls 18491->18492 18493 7ff7d78845a7 18492->18493 18493->17515 18495 7ff7d7887e1e 18494->18495 18496 7ff7d7881c80 49 API calls 18495->18496 18499 7ff7d7887f42 18495->18499 18502 7ff7d7887ea5 18496->18502 18497 7ff7d788c5c0 _log10_special 8 API calls 18498 7ff7d7887f73 18497->18498 18498->17515 18499->18497 18500 7ff7d7881c80 49 API calls 18500->18502 18501 7ff7d7884550 10 API calls 18501->18502 18502->18499 18502->18500 18502->18501 18503 7ff7d7889400 2 API calls 18502->18503 18504 7ff7d7887f13 CreateDirectoryW 18503->18504 18504->18499 18504->18502 18506 7ff7d7881637 18505->18506 18507 7ff7d7881613 18505->18507 18508 7ff7d78845b0 108 API calls 18506->18508 18626 7ff7d7881050 18507->18626 18510 7ff7d788164b 18508->18510 18512 7ff7d7881653 18510->18512 18513 7ff7d7881682 18510->18513 18511 7ff7d7881618 18514 7ff7d788162e 18511->18514 18517 7ff7d7882710 54 API calls 18511->18517 18515 7ff7d7894f78 _get_daylight 11 API calls 18512->18515 18516 7ff7d78845b0 108 API calls 18513->18516 18514->17515 18518 7ff7d7881658 18515->18518 18519 7ff7d7881696 
18516->18519 18517->18514 18520 7ff7d7882910 54 API calls 18518->18520 18521 7ff7d788169e 18519->18521 18522 7ff7d78816b8 18519->18522 18524 7ff7d7881671 18520->18524 18525 7ff7d7882710 54 API calls 18521->18525 18523 7ff7d7890744 73 API calls 18522->18523 18526 7ff7d78816cd 18523->18526 18524->17515 18527 7ff7d78816ae 18525->18527 18528 7ff7d78816f9 18526->18528 18529 7ff7d78816d1 18526->18529 18554 7ff7d788717b 18553->18554 18556 7ff7d7887134 18553->18556 18554->17515 18556->18554 18690 7ff7d7895094 18556->18690 18558 7ff7d7884191 18557->18558 18559 7ff7d78844d0 49 API calls 18558->18559 18560 7ff7d78841cb 18559->18560 18561 7ff7d78844d0 49 API calls 18560->18561 18562 7ff7d78841db 18561->18562 18563 7ff7d78841fd 18562->18563 18564 7ff7d788422c 18562->18564 18705 7ff7d7884100 18563->18705 18566 7ff7d7884100 51 API calls 18564->18566 18567 7ff7d788422a 18566->18567 18568 7ff7d788428c 18567->18568 18569 7ff7d7884257 18567->18569 18570 7ff7d7884100 51 API calls 18568->18570 18712 7ff7d7887ce0 18569->18712 18602 7ff7d7881c80 49 API calls 18601->18602 18603 7ff7d7884464 18602->18603 18603->17515 18627 7ff7d78845b0 108 API calls 18626->18627 18628 7ff7d788108c 18627->18628 18629 7ff7d78810a9 18628->18629 18630 7ff7d7881094 18628->18630 18632 7ff7d7890744 73 API calls 18629->18632 18631 7ff7d7882710 54 API calls 18630->18631 18638 7ff7d78810a4 __std_exception_copy 18631->18638 18633 7ff7d78810bf 18632->18633 18634 7ff7d78810e6 18633->18634 18635 7ff7d78810c3 18633->18635 18640 7ff7d78810f7 18634->18640 18641 7ff7d7881122 18634->18641 18636 7ff7d7894f78 _get_daylight 11 API calls 18635->18636 18637 7ff7d78810c8 18636->18637 18638->18511 18643 7ff7d7894f78 _get_daylight 11 API calls 18640->18643 18642 7ff7d7881129 18641->18642 18651 7ff7d788113c 18641->18651 18691 7ff7d78950a1 18690->18691 18692 7ff7d78950ce 18690->18692 18693 7ff7d7894f78 _get_daylight 11 API calls 18691->18693 18702 7ff7d7895058 18691->18702 18694 7ff7d78950f1 18692->18694 18697 7ff7d789510d 
18692->18697 18695 7ff7d78950ab 18693->18695 18696 7ff7d7894f78 _get_daylight 11 API calls 18694->18696 18699 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 18695->18699 18700 7ff7d78950f6 18696->18700 18698 7ff7d7894fbc 45 API calls 18697->18698 18704 7ff7d7895101 18698->18704 18701 7ff7d78950b6 18699->18701 18703 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 18700->18703 18701->18556 18702->18556 18703->18704 18704->18556 18706 7ff7d7884126 18705->18706 18707 7ff7d78949f4 49 API calls 18706->18707 18708 7ff7d788414c 18707->18708 18769 7ff7d7895f38 18768->18769 18770 7ff7d7895f5e 18769->18770 18772 7ff7d7895f91 18769->18772 18771 7ff7d7894f78 _get_daylight 11 API calls 18770->18771 18773 7ff7d7895f63 18771->18773 18774 7ff7d7895fa4 18772->18774 18775 7ff7d7895f97 18772->18775 18776 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 18773->18776 18787 7ff7d789ac98 18774->18787 18777 7ff7d7894f78 _get_daylight 11 API calls 18775->18777 18786 7ff7d7884606 18776->18786 18777->18786 18786->17540 18800 7ff7d78a0348 EnterCriticalSection 18787->18800 19160 7ff7d7897968 19159->19160 19163 7ff7d7897444 19160->19163 19162 7ff7d7897981 19162->17550 19164 7ff7d789745f 19163->19164 19165 7ff7d789748e 19163->19165 19166 7ff7d789a884 _invalid_parameter_noinfo 37 API calls 19164->19166 19173 7ff7d78954dc EnterCriticalSection 19165->19173 19168 7ff7d789747f 19166->19168 19168->19162 19175 7ff7d788fee1 19174->19175 19176 7ff7d788feb3 19174->19176 19178 7ff7d788fed3 19175->19178 19184 7ff7d78954dc EnterCriticalSection 19175->19184 19177 7ff7d789a884 _invalid_parameter_noinfo 37 API calls 19176->19177 19177->19178 19178->17554 19186 7ff7d78845b0 108 API calls 19185->19186 19187 7ff7d7881493 19186->19187 19188 7ff7d78814bc 19187->19188 19189 7ff7d788149b 19187->19189 19190 7ff7d7890744 73 API calls 19188->19190 19191 7ff7d7882710 54 API calls 19189->19191 19192 7ff7d78814d1 19190->19192 19193 7ff7d78814ab 19191->19193 19194 7ff7d78814f8 19192->19194 19195 7ff7d78814d5 
19192->19195 19193->17580 19292 7ff7d7886365 19291->19292 19293 7ff7d7881c80 49 API calls 19292->19293 19294 7ff7d78863a1 19293->19294 19295 7ff7d78863cd 19294->19295 19296 7ff7d78863aa 19294->19296 19298 7ff7d7884620 49 API calls 19295->19298 19297 7ff7d7882710 54 API calls 19296->19297 19300 7ff7d78863c3 19297->19300 19299 7ff7d78863e5 19298->19299 19301 7ff7d7886403 19299->19301 19302 7ff7d7882710 54 API calls 19299->19302 19304 7ff7d788c5c0 _log10_special 8 API calls 19300->19304 19303 7ff7d7884550 10 API calls 19301->19303 19302->19301 19305 7ff7d788640d 19303->19305 19306 7ff7d788336e 19304->19306 19307 7ff7d788641b 19305->19307 19308 7ff7d7889070 3 API calls 19305->19308 19306->17654 19322 7ff7d78864f0 19306->19322 19308->19307 19471 7ff7d78853f0 19322->19471 20538 7ff7d78a1720 20549 7ff7d78a7454 20538->20549 20550 7ff7d78a7461 20549->20550 20551 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20550->20551 20552 7ff7d78a747d 20550->20552 20551->20550 20553 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20552->20553 20554 7ff7d78a1729 20552->20554 20553->20552 20555 7ff7d78a0348 EnterCriticalSection 20554->20555 16876 7ff7d7895698 16877 7ff7d78956cf 16876->16877 16878 7ff7d78956b2 16876->16878 16877->16878 16880 7ff7d78956e2 CreateFileW 16877->16880 16927 7ff7d7894f58 16878->16927 16882 7ff7d7895716 16880->16882 16883 7ff7d789574c 16880->16883 16901 7ff7d78957ec GetFileType 16882->16901 16930 7ff7d7895c74 16883->16930 16885 7ff7d7894f78 _get_daylight 11 API calls 16888 7ff7d78956bf 16885->16888 16892 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 16888->16892 16890 7ff7d7895780 16951 7ff7d7895a34 16890->16951 16891 7ff7d7895755 16895 7ff7d7894eec _fread_nolock 11 API calls 16891->16895 16897 7ff7d78956ca 16892->16897 16893 7ff7d7895741 CloseHandle 16893->16897 16894 7ff7d789572b CloseHandle 16894->16897 16900 7ff7d789575f 16895->16900 16900->16897 16902 7ff7d78958f7 16901->16902 16903 7ff7d789583a 
16901->16903 16905 7ff7d78958ff 16902->16905 16906 7ff7d7895921 16902->16906 16904 7ff7d7895866 GetFileInformationByHandle 16903->16904 16908 7ff7d7895b70 21 API calls 16903->16908 16909 7ff7d789588f 16904->16909 16910 7ff7d7895912 GetLastError 16904->16910 16905->16910 16911 7ff7d7895903 16905->16911 16907 7ff7d7895944 PeekNamedPipe 16906->16907 16926 7ff7d78958e2 16906->16926 16907->16926 16913 7ff7d7895854 16908->16913 16914 7ff7d7895a34 51 API calls 16909->16914 16912 7ff7d7894eec _fread_nolock 11 API calls 16910->16912 16915 7ff7d7894f78 _get_daylight 11 API calls 16911->16915 16912->16926 16913->16904 16913->16926 16917 7ff7d789589a 16914->16917 16915->16926 16916 7ff7d788c5c0 _log10_special 8 API calls 16918 7ff7d7895724 16916->16918 16968 7ff7d7895994 16917->16968 16918->16893 16918->16894 16921 7ff7d7895994 10 API calls 16922 7ff7d78958b9 16921->16922 16923 7ff7d7895994 10 API calls 16922->16923 16924 7ff7d78958ca 16923->16924 16925 7ff7d7894f78 _get_daylight 11 API calls 16924->16925 16924->16926 16925->16926 16926->16916 16928 7ff7d789b338 _get_daylight 11 API calls 16927->16928 16929 7ff7d7894f61 16928->16929 16929->16885 16931 7ff7d7895caa 16930->16931 16932 7ff7d7894f78 _get_daylight 11 API calls 16931->16932 16945 7ff7d7895d42 __std_exception_copy 16931->16945 16934 7ff7d7895cbc 16932->16934 16933 7ff7d788c5c0 _log10_special 8 API calls 16935 7ff7d7895751 16933->16935 16936 7ff7d7894f78 _get_daylight 11 API calls 16934->16936 16935->16890 16935->16891 16937 7ff7d7895cc4 16936->16937 16975 7ff7d7897e78 16937->16975 16939 7ff7d7895cd9 16940 7ff7d7895ce1 16939->16940 16941 7ff7d7895ceb 16939->16941 16942 7ff7d7894f78 _get_daylight 11 API calls 16940->16942 16943 7ff7d7894f78 _get_daylight 11 API calls 16941->16943 16950 7ff7d7895ce6 16942->16950 16944 7ff7d7895cf0 16943->16944 16944->16945 16946 7ff7d7894f78 _get_daylight 11 API calls 16944->16946 16945->16933 16947 7ff7d7895cfa 16946->16947 16949 7ff7d7897e78 45 API calls 16947->16949 16948 
7ff7d7895d34 GetDriveTypeW 16948->16945 16949->16950 16950->16945 16950->16948 16953 7ff7d7895a5c 16951->16953 16952 7ff7d789578d 16961 7ff7d7895b70 16952->16961 16953->16952 17069 7ff7d789f794 16953->17069 16955 7ff7d7895af0 16955->16952 16956 7ff7d789f794 51 API calls 16955->16956 16957 7ff7d7895b03 16956->16957 16957->16952 16958 7ff7d789f794 51 API calls 16957->16958 16959 7ff7d7895b16 16958->16959 16959->16952 16960 7ff7d789f794 51 API calls 16959->16960 16960->16952 16962 7ff7d7895b8a 16961->16962 16963 7ff7d7895bc1 16962->16963 16964 7ff7d7895b9a 16962->16964 16965 7ff7d789f628 21 API calls 16963->16965 16966 7ff7d7894eec _fread_nolock 11 API calls 16964->16966 16967 7ff7d7895baa 16964->16967 16965->16967 16966->16967 16967->16900 16969 7ff7d78959b0 16968->16969 16970 7ff7d78959bd FileTimeToSystemTime 16968->16970 16969->16970 16974 7ff7d78959b8 16969->16974 16971 7ff7d78959d1 SystemTimeToTzSpecificLocalTime 16970->16971 16970->16974 16971->16974 16972 7ff7d788c5c0 _log10_special 8 API calls 16973 7ff7d78958a9 16972->16973 16973->16921 16974->16972 16976 7ff7d7897f02 16975->16976 16977 7ff7d7897e94 16975->16977 17012 7ff7d78a0830 16976->17012 16977->16976 16979 7ff7d7897e99 16977->16979 16981 7ff7d7897eb1 16979->16981 16982 7ff7d7897ece 16979->16982 16980 7ff7d7897ec6 __std_exception_copy 16980->16939 16987 7ff7d7897c48 GetFullPathNameW 16981->16987 16995 7ff7d7897cbc GetFullPathNameW 16982->16995 16988 7ff7d7897c6e GetLastError 16987->16988 16990 7ff7d7897c84 16987->16990 16989 7ff7d7894eec _fread_nolock 11 API calls 16988->16989 16991 7ff7d7897c7b 16989->16991 16992 7ff7d7894f78 _get_daylight 11 API calls 16990->16992 16994 7ff7d7897c80 16990->16994 16993 7ff7d7894f78 _get_daylight 11 API calls 16991->16993 16992->16994 16993->16994 16994->16980 16996 7ff7d7897cef GetLastError 16995->16996 16999 7ff7d7897d05 __std_exception_copy 16995->16999 16997 7ff7d7894eec _fread_nolock 11 API calls 16996->16997 16998 7ff7d7897cfc 16997->16998 17000 7ff7d7894f78 
_get_daylight 11 API calls 16998->17000 17001 7ff7d7897d5f GetFullPathNameW 16999->17001 17002 7ff7d7897d01 16999->17002 17000->17002 17001->16996 17001->17002 17003 7ff7d7897d94 17002->17003 17004 7ff7d7897dbd memcpy_s 17003->17004 17008 7ff7d7897e08 memcpy_s 17003->17008 17005 7ff7d7897df1 17004->17005 17004->17008 17010 7ff7d7897e2a 17004->17010 17006 7ff7d7894f78 _get_daylight 11 API calls 17005->17006 17007 7ff7d7897df6 17006->17007 17009 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 17007->17009 17008->16980 17009->17008 17010->17008 17011 7ff7d7894f78 _get_daylight 11 API calls 17010->17011 17011->17007 17015 7ff7d78a0640 17012->17015 17016 7ff7d78a0682 17015->17016 17017 7ff7d78a066b 17015->17017 17018 7ff7d78a0686 17016->17018 17019 7ff7d78a06a7 17016->17019 17020 7ff7d7894f78 _get_daylight 11 API calls 17017->17020 17041 7ff7d78a07ac 17018->17041 17053 7ff7d789f628 17019->17053 17025 7ff7d78a0670 17020->17025 17024 7ff7d78a06ac 17030 7ff7d78a0751 17024->17030 17036 7ff7d78a06d3 17024->17036 17027 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 17025->17027 17026 7ff7d78a068f 17028 7ff7d7894f58 _fread_nolock 11 API calls 17026->17028 17040 7ff7d78a067b __std_exception_copy 17027->17040 17029 7ff7d78a0694 17028->17029 17033 7ff7d7894f78 _get_daylight 11 API calls 17029->17033 17030->17017 17031 7ff7d78a0759 17030->17031 17034 7ff7d7897c48 13 API calls 17031->17034 17032 7ff7d788c5c0 _log10_special 8 API calls 17035 7ff7d78a07a1 17032->17035 17033->17025 17034->17040 17035->16980 17037 7ff7d7897cbc 14 API calls 17036->17037 17038 7ff7d78a0717 17037->17038 17039 7ff7d7897d94 37 API calls 17038->17039 17038->17040 17039->17040 17040->17032 17042 7ff7d78a07f6 17041->17042 17043 7ff7d78a07c6 17041->17043 17045 7ff7d78a0801 GetDriveTypeW 17042->17045 17047 7ff7d78a07e1 17042->17047 17044 7ff7d7894f58 _fread_nolock 11 API calls 17043->17044 17046 7ff7d78a07cb 17044->17046 17045->17047 17048 7ff7d7894f78 _get_daylight 11 API calls 17046->17048 17049 
7ff7d788c5c0 _log10_special 8 API calls 17047->17049 17050 7ff7d78a07d6 17048->17050 17051 7ff7d78a068b 17049->17051 17052 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 17050->17052 17051->17024 17051->17026 17052->17047 17067 7ff7d78aa540 17053->17067 17056 7ff7d789f69c 17057 7ff7d789ec08 _get_daylight 11 API calls 17056->17057 17060 7ff7d789f6ab 17057->17060 17058 7ff7d788c5c0 _log10_special 8 API calls 17063 7ff7d789f709 17058->17063 17059 7ff7d789f675 17059->17058 17061 7ff7d789f6c4 17060->17061 17062 7ff7d789f6b5 GetCurrentDirectoryW 17060->17062 17065 7ff7d7894f78 _get_daylight 11 API calls 17061->17065 17062->17061 17064 7ff7d789f6c9 17062->17064 17063->17024 17066 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17064->17066 17065->17064 17066->17059 17068 7ff7d789f65e GetCurrentDirectoryW 17067->17068 17068->17056 17068->17059 17070 7ff7d789f7a1 17069->17070 17071 7ff7d789f7c5 17069->17071 17070->17071 17072 7ff7d789f7a6 17070->17072 17074 7ff7d789f7ff 17071->17074 17077 7ff7d789f81e 17071->17077 17073 7ff7d7894f78 _get_daylight 11 API calls 17072->17073 17075 7ff7d789f7ab 17073->17075 17076 7ff7d7894f78 _get_daylight 11 API calls 17074->17076 17079 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 17075->17079 17080 7ff7d789f804 17076->17080 17078 7ff7d7894fbc 45 API calls 17077->17078 17085 7ff7d789f82b 17078->17085 17081 7ff7d789f7b6 17079->17081 17082 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 17080->17082 17081->16955 17083 7ff7d789f80f 17082->17083 17083->16955 17084 7ff7d78a054c 51 API calls 17084->17085 17085->17083 17085->17084 15937 7ff7d788bb50 15938 7ff7d788bb7e 15937->15938 15939 7ff7d788bb65 15937->15939 15939->15938 15942 7ff7d789d66c 15939->15942 15943 7ff7d789d6b7 15942->15943 15947 7ff7d789d67b _get_daylight 15942->15947 15952 7ff7d7894f78 15943->15952 15945 7ff7d789d69e HeapAlloc 15946 7ff7d788bbde 15945->15946 15945->15947 15947->15943 15947->15945 15949 7ff7d78a3600 15947->15949 15955 
7ff7d78a3640 15949->15955 15961 7ff7d789b338 GetLastError 15952->15961 15954 7ff7d7894f81 15954->15946 15960 7ff7d78a0348 EnterCriticalSection 15955->15960 15962 7ff7d789b379 FlsSetValue 15961->15962 15966 7ff7d789b35c 15961->15966 15963 7ff7d789b38b 15962->15963 15967 7ff7d789b369 SetLastError 15962->15967 15978 7ff7d789ec08 15963->15978 15966->15962 15966->15967 15967->15954 15969 7ff7d789b3b8 FlsSetValue 15971 7ff7d789b3c4 FlsSetValue 15969->15971 15972 7ff7d789b3d6 15969->15972 15970 7ff7d789b3a8 FlsSetValue 15973 7ff7d789b3b1 15970->15973 15971->15973 15991 7ff7d789af64 15972->15991 15985 7ff7d789a9b8 15973->15985 15979 7ff7d789ec19 _get_daylight 15978->15979 15980 7ff7d789ec6a 15979->15980 15981 7ff7d789ec4e HeapAlloc 15979->15981 15984 7ff7d78a3600 _get_daylight 2 API calls 15979->15984 15983 7ff7d7894f78 _get_daylight 10 API calls 15980->15983 15981->15979 15982 7ff7d789b39a 15981->15982 15982->15969 15982->15970 15983->15982 15984->15979 15986 7ff7d789a9bd RtlFreeHeap 15985->15986 15988 7ff7d789a9ec 15985->15988 15987 7ff7d789a9d8 GetLastError 15986->15987 15986->15988 15989 7ff7d789a9e5 Concurrency::details::SchedulerProxy::DeleteThis 15987->15989 15988->15967 15990 7ff7d7894f78 _get_daylight 9 API calls 15989->15990 15990->15988 15996 7ff7d789ae3c 15991->15996 16008 7ff7d78a0348 EnterCriticalSection 15996->16008 16010 7ff7d78999d1 16022 7ff7d789a448 16010->16022 16027 7ff7d789b1c0 GetLastError 16022->16027 16028 7ff7d789b201 FlsSetValue 16027->16028 16029 7ff7d789b1e4 FlsGetValue 16027->16029 16031 7ff7d789b213 16028->16031 16046 7ff7d789b1f1 16028->16046 16030 7ff7d789b1fb 16029->16030 16029->16046 16030->16028 16033 7ff7d789ec08 _get_daylight 11 API calls 16031->16033 16032 7ff7d789b26d SetLastError 16034 7ff7d789a451 16032->16034 16035 7ff7d789b28d 16032->16035 16036 7ff7d789b222 16033->16036 16049 7ff7d789a574 16034->16049 16037 7ff7d789a574 __CxxCallCatchBlock 38 API calls 16035->16037 16038 7ff7d789b240 FlsSetValue 16036->16038 16039 7ff7d789b230 
FlsSetValue 16036->16039 16042 7ff7d789b292 16037->16042 16040 7ff7d789b24c FlsSetValue 16038->16040 16041 7ff7d789b25e 16038->16041 16043 7ff7d789b239 16039->16043 16040->16043 16044 7ff7d789af64 _get_daylight 11 API calls 16041->16044 16045 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16043->16045 16047 7ff7d789b266 16044->16047 16045->16046 16046->16032 16048 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16047->16048 16048->16032 16058 7ff7d78a36c0 16049->16058 16092 7ff7d78a3678 16058->16092 16097 7ff7d78a0348 EnterCriticalSection 16092->16097 20164 7ff7d78aac53 20165 7ff7d78aac63 20164->20165 20168 7ff7d78954e8 LeaveCriticalSection 20165->20168 20169 7ff7d789b040 20170 7ff7d789b05a 20169->20170 20171 7ff7d789b045 20169->20171 20175 7ff7d789b060 20171->20175 20176 7ff7d789b0a2 20175->20176 20177 7ff7d789b0aa 20175->20177 20178 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20176->20178 20179 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20177->20179 20178->20177 20180 7ff7d789b0b7 20179->20180 20181 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20180->20181 20182 7ff7d789b0c4 20181->20182 20183 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20182->20183 20184 7ff7d789b0d1 20183->20184 20185 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20184->20185 20186 7ff7d789b0de 20185->20186 20187 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20186->20187 20188 7ff7d789b0eb 20187->20188 20189 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20188->20189 20190 7ff7d789b0f8 20189->20190 20191 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20190->20191 20192 7ff7d789b105 20191->20192 20193 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20192->20193 20194 7ff7d789b115 
20193->20194 20195 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20194->20195 20196 7ff7d789b125 20195->20196 20201 7ff7d789af04 20196->20201 20215 7ff7d78a0348 EnterCriticalSection 20201->20215 20318 7ff7d7899dc0 20321 7ff7d7899d3c 20318->20321 20328 7ff7d78a0348 EnterCriticalSection 20321->20328 20332 7ff7d788cbc0 20333 7ff7d788cbd0 20332->20333 20349 7ff7d7899c18 20333->20349 20335 7ff7d788cbdc 20355 7ff7d788ceb8 20335->20355 20337 7ff7d788d19c 7 API calls 20339 7ff7d788cc75 20337->20339 20338 7ff7d788cbf4 _RTC_Initialize 20347 7ff7d788cc49 20338->20347 20360 7ff7d788d068 20338->20360 20341 7ff7d788cc09 20363 7ff7d7899084 20341->20363 20347->20337 20348 7ff7d788cc65 20347->20348 20350 7ff7d7899c29 20349->20350 20351 7ff7d7899c31 20350->20351 20352 7ff7d7894f78 _get_daylight 11 API calls 20350->20352 20351->20335 20353 7ff7d7899c40 20352->20353 20354 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 20353->20354 20354->20351 20356 7ff7d788cec9 20355->20356 20357 7ff7d788cece __scrt_acquire_startup_lock 20355->20357 20356->20357 20358 7ff7d788d19c 7 API calls 20356->20358 20357->20338 20359 7ff7d788cf42 20358->20359 20388 7ff7d788d02c 20360->20388 20362 7ff7d788d071 20362->20341 20364 7ff7d78990a4 20363->20364 20379 7ff7d788cc15 20363->20379 20365 7ff7d78990c2 GetModuleFileNameW 20364->20365 20366 7ff7d78990ac 20364->20366 20370 7ff7d78990ed 20365->20370 20367 7ff7d7894f78 _get_daylight 11 API calls 20366->20367 20368 7ff7d78990b1 20367->20368 20369 7ff7d789a950 _invalid_parameter_noinfo 37 API calls 20368->20369 20369->20379 20371 7ff7d7899024 11 API calls 20370->20371 20372 7ff7d789912d 20371->20372 20373 7ff7d7899135 20372->20373 20377 7ff7d789914d 20372->20377 20374 7ff7d7894f78 _get_daylight 11 API calls 20373->20374 20375 7ff7d789913a 20374->20375 20378 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20375->20378 20376 7ff7d789916f 20380 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 
API calls 20376->20380 20377->20376 20381 7ff7d78991b4 20377->20381 20382 7ff7d789919b 20377->20382 20378->20379 20379->20347 20387 7ff7d788d13c InitializeSListHead 20379->20387 20380->20379 20385 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20381->20385 20383 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20382->20383 20384 7ff7d78991a4 20383->20384 20386 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20384->20386 20385->20376 20386->20379 20389 7ff7d788d046 20388->20389 20391 7ff7d788d03f 20388->20391 20392 7ff7d789a25c 20389->20392 20391->20362 20395 7ff7d7899e98 20392->20395 20402 7ff7d78a0348 EnterCriticalSection 20395->20402 16162 7ff7d78a0938 16163 7ff7d78a095c 16162->16163 16165 7ff7d78a096c 16162->16165 16164 7ff7d7894f78 _get_daylight 11 API calls 16163->16164 16184 7ff7d78a0961 16164->16184 16166 7ff7d78a0c4c 16165->16166 16167 7ff7d78a098e 16165->16167 16168 7ff7d7894f78 _get_daylight 11 API calls 16166->16168 16169 7ff7d78a09af 16167->16169 16311 7ff7d78a0ff4 16167->16311 16170 7ff7d78a0c51 16168->16170 16173 7ff7d78a0a21 16169->16173 16175 7ff7d78a09d5 16169->16175 16180 7ff7d78a0a15 16169->16180 16172 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16170->16172 16172->16184 16177 7ff7d789ec08 _get_daylight 11 API calls 16173->16177 16194 7ff7d78a09e4 16173->16194 16174 7ff7d78a0ace 16183 7ff7d78a0aeb 16174->16183 16191 7ff7d78a0b3d 16174->16191 16326 7ff7d7899730 16175->16326 16181 7ff7d78a0a37 16177->16181 16179 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16179->16184 16180->16174 16180->16194 16332 7ff7d78a719c 16180->16332 16185 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16181->16185 16188 7ff7d789a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16183->16188 16189 7ff7d78a0a45 16185->16189 16186 7ff7d78a09df 16190 7ff7d7894f78 _get_daylight 11 API calls 

Control-flow Graph (legend: Executed / Not Executed; first block 7ff7d7888bd0-7ff7d7888d16)
Memory Dump Source
• Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction ID: c89b89711fc49d92e8ffa6b6e568fa60a66818e57f1108977d371edfae77e1d7
• Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction Fuzzy Hash: B3D17332A18A8286E710AF74E8542ADBF65FF84B58FC00237DA5D43A98DF3CD566C710

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                    • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                                    • API String ID: 2776309574-4232158417
                                                                                                                                                                                                                                    • Opcode ID: 221ee4957dd18ffe06ee3afddcba002a7644656f480b66111b2d55fc76433b33
                                                                                                                                                                                                                                    • Instruction ID: a44dda6e8283b8cdbdb2340f4d74829d085d358531650812dc4bd1af44a442fe
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 221ee4957dd18ffe06ee3afddcba002a7644656f480b66111b2d55fc76433b33
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C325921A0868291FB25BB25E5553BDEEA1AF44780FC44037DA5D43BD6EF2CE57AC320

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5CB5
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78A5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78A561C
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9CE
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: GetLastError.KERNEL32(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9D8
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7D789A94F,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789A979
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7D789A94F,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789A99E
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5CA4
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78A5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78A567C
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F1A
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F2B
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F3C
                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7D78A617C), ref: 00007FF7D78A5F63
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                    • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                    • Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                                    • Instruction ID: 7b54046848626cc2f86ebc99c10d91f7950bce9389e51659b019e74ea88b0b6f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8AD1B322B0824246EB24BF25DA521BDAB51FF54794FC48137EA0D47A95EF3CE4A3C760

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1617910340-0
                                                                                                                                                                                                                                    • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                    • Instruction ID: b6603550792fa0dbb59d1f43df5c1c77ef33ebabc222367d259f2a77d51ef74f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99C1D436B28A4285EB10EF65C5906AD7B61F749BA8F815236DF2E577D4DF38E022C310

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FindFirstFileW.KERNELBASE(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D788841B
                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D788849E
                                                                                                                                                                                                                                    • DeleteFileW.KERNELBASE(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D78884BD
                                                                                                                                                                                                                                    • FindNextFileW.KERNELBASE(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D78884CB
                                                                                                                                                                                                                                    • FindClose.KERNEL32(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D78884DC
                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNELBASE(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D78884E5
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                    • String ID: %s\*
                                                                                                                                                                                                                                    • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                    • Opcode ID: 39a93d91a788addd72801eeb202cf5dd5373a6ceabdc1da620128e14205563d9
                                                                                                                                                                                                                                    • Instruction ID: 759710245ef8afc3b71bf144a3133f5e09717944241a31bd30a60da85978b305
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39a93d91a788addd72801eeb202cf5dd5373a6ceabdc1da620128e14205563d9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15416E22A1CA5389EB20BB64F4445BDABA1FF94754FC40233D99D43698DF3CE56B8720

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F1A
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78A5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78A567C
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F2B
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78A5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78A561C
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F3C
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78A5638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78A564C
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9CE
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: GetLastError.KERNEL32(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9D8
                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7D78A617C), ref: 00007FF7D78A5F63
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                    • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                    • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                                    • Instruction ID: ea6576e7a680ab38c532137eceb4b8dda6789d5da56433794c51a722eb294e71
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16515432A1864286E710FF31E9815ADEF61BB48784FC45137EA4D87A96DF3CE4638760
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                                                    • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                    • Instruction ID: 0db2794e3a0579946cfb3dd3a1ba5e3d48d4fdb28a3ddf2cc1b67180f4108e68
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6F04422A1874286F7609B60F44976EAF50FB84764FC41336D96D02AD4DF3CD06A8B10
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1010374628-0
                                                                                                                                                                                                                                    • Opcode ID: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                                                    • Instruction ID: 4a020f63d609ecc02696cf56bbffc14d67192933073a4a1b430925919b54b25b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C029C21A1D78241FB65BB119A0467DEE90AF45BA0FD98637DD6D463D2EF3CB4238320

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7887F80: _fread_nolock.LIBCMT ref: 00007FF7D788802A
                                                                                                                                                                                                                                    • _fread_nolock.LIBCMT ref: 00007FF7D7881A1B
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7882910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7D7881B6A), ref: 00007FF7D788295E
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                    • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                    • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                    • Opcode ID: da63181cfd8bd3617b97dba3752d2556ad46dc2abc02f4a746a50450d1438c1c
                                                                                                                                                                                                                                    • Instruction ID: 04a4cbaaf3d2ff021a30818c2cc35aa584574001305bdc354849004b5c4b1271
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da63181cfd8bd3617b97dba3752d2556ad46dc2abc02f4a746a50450d1438c1c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F819171E0968285EB60EB25E0406BDABA1EF48784FC4443BE98D47785DF3CE5A78760

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                    • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                    • Opcode ID: 8dbe28cda3b13d9b487c63c283d4905791c58d88eef99676ddfba80944925a98
                                                                                                                                                                                                                                    • Instruction ID: 445d0c52051886fccda54ad833663397db09f9ca17b5e6a979412c92e45a50cd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8dbe28cda3b13d9b487c63c283d4905791c58d88eef99676ddfba80944925a98
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08518C61F0864392EA10BB21A5005AEEBA0BF44B94FD4453BEE4C47796EF3CF5668760

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(?,?,00000000,00007FF7D7883CBB), ref: 00007FF7D78888F4
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7D7883CBB), ref: 00007FF7D78888FA
                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00007FF7D7883CBB), ref: 00007FF7D788893C
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888A20: GetEnvironmentVariableW.KERNEL32(00007FF7D788388E), ref: 00007FF7D7888A57
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7D7888A79
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78982A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78982C1
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7882810: MessageBoxW.USER32 ref: 00007FF7D78828EA
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                    • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                    • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                                                    • Instruction ID: a7dc5ded9c215b54bb3effc6ffcf8a63ab6c8bce662447b3babcf168d93c4b3c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F41A012A1865345FA20FB65B9552FE9A91AF88784FC40133ED0D877DAEE3CE5238320

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                    • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                    • Opcode ID: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                                                    • Instruction ID: 0c9f466ea34811458af936a51e5dba4489333123ba21819dd1b066f672178a29
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3051B022A0868285E660BB15F4403BEEA91BF85794FC8413AED4D47BD5EF3CE527C720

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF7D789F11A,?,?,-00000018,00007FF7D789ADC3,?,?,?,00007FF7D789ACBA,?,?,?,00007FF7D7895FAE), ref: 00007FF7D789EEFC
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF7D789F11A,?,?,-00000018,00007FF7D789ADC3,?,?,?,00007FF7D789ACBA,?,?,?,00007FF7D7895FAE), ref: 00007FF7D789EF08
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                    • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                    • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                                                    • Instruction ID: 5f085249255b769d1279714f2ad7945315fb52cd0bbb842ab9b371ac69564fdd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D941B022B19B1241EA15EB16980467DAFA1BF48B90FD8453FED1E47784EF3CF5268320

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00007FF7D7883804), ref: 00007FF7D78836E1
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D7883804), ref: 00007FF7D78836EB
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7882C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7D7883706,?,00007FF7D7883804), ref: 00007FF7D7882C9E
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7882C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7D7883706,?,00007FF7D7883804), ref: 00007FF7D7882D63
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7882C50: MessageBoxW.USER32 ref: 00007FF7D7882D99
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                    • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                    • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                    • Instruction ID: 2f97f00b549d28646aadfc7dd46646a15c573a46a6bd0b1b5ff26287f18c67f2
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31214F61B1864291FA20B724F9113BEAA91BF89354FC04137E55EC3AD5EE2CE526C720

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                                                    • Instruction ID: b9bce40292fd8c6979c394013ee3f8983f92a674d5b6e1528590e385f3086de6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6CC1A222A0CA8695E761AB1594442BEEF64EF81B90FD54133EA4E037D1DF7CF8668720

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 995526605-0
                                                                                                                                                                                                                                    • Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                                                    • Instruction ID: db69b679747a0ac40a55c3ff089c40be5fec0680568fa81bded5c10902a66ff2
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3215E21A1C64342EB10AB55F55463EEBA1FB857A0FD00236EAAD43AE4DF6CD4668710

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: GetCurrentProcess.KERNEL32 ref: 00007FF7D7888780
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: OpenProcessToken.ADVAPI32 ref: 00007FF7D7888793
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: GetTokenInformation.KERNELBASE ref: 00007FF7D78887B8
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: GetLastError.KERNEL32 ref: 00007FF7D78887C2
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: GetTokenInformation.KERNELBASE ref: 00007FF7D7888802
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7D788881E
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: CloseHandle.KERNELBASE ref: 00007FF7D7888836
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF7D7883C55), ref: 00007FF7D788916C
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF7D7883C55), ref: 00007FF7D7889175
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                    • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                    • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                    • Opcode ID: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                                                    • Instruction ID: dd86025416a022822b0db2222f6295f9474b62d18b32c830de2f738c1ec65684
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C214D25A1874285F710BB10F5152EEAAA5FF88780FC44037EA4D93B86DF3CE8668760
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(00000000,?,00007FF7D788352C,?,00000000,00007FF7D7883F23), ref: 00007FF7D7887F22
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CreateDirectory
                                                                                                                                                                                                                                    • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                    • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                    • Opcode ID: 8ca7fb79b4ea6b2c566bb37e9ebd00ba932afb87f6e77ad964f7d4209dd14296
                                                                                                                                                                                                                                    • Instruction ID: ba754ac9cf7c17151ad964a07cbafa876519686990405ff0f88b3df026fb2819
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ca7fb79b4ea6b2c566bb37e9ebd00ba932afb87f6e77ad964f7d4209dd14296
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5731B621A19AC145EB21AB21F4507AEA764EF84BE4FC40232EE6D47BC9DE3CD6528710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7D789CFBB), ref: 00007FF7D789D0EC
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7D789CFBB), ref: 00007FF7D789D177
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 953036326-0
                                                                                                                                                                                                                                    • Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                                                    • Instruction ID: 271e65dc20e21f72b71787752a22782995c10f548d5ea1650c8db9bdc17cd1e3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30919E22E1865285F760AF7594402BDBFA0AB44B88FD4413BDE0E57A95DF38F4A38734
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4170891091-0
                                                                                                                                                                                                                                    • Opcode ID: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                                                    • Instruction ID: 3fd82390d898ee4554f4e233df529104200fe5458dc6e29760caac0cd144f1bf
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7251D872F081118AFB18EF24D9556BCABA1AB44368FD14137DD1E52AE5DB3CB463C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                                                                                                                    • Opcode ID: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                                                    • Instruction ID: cfc9da995804ac23d5539b8dc3688c7dff632dcb2ae07d0454b6cc4dc12ea8e1
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8518022E086418AFB10EF71E4513BDABB1BB48B58FD44536DE4D57A89DF38E462C720
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1279662727-0
                                                                                                                                                                                                                                    • Opcode ID: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                                                                    • Instruction ID: 2a3eabd9cc05273cdadfd391715ddb20a8b379bfdb0c9da0a7480df5d0a12bf8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7741B322D1878283E710AB20955137DAB60FB94764F909336EA5C03AD2DF7CF6F28720
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3251591375-0
                                                                                                                                                                                                                                    • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                    • Instruction ID: 1e1e05b80d79cf4b9980dbc2b6663015e5288b444cb13da6af3485d257190a84
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B313920E0824341FA64BB25E4653BDEF91AF85784FC44477EA4D4B2DBDE2CB8278270
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                    • Opcode ID: 230ddfbeb2cfdc83e04e02b0fbb537ff9f96aef2fd2a5ab3fdce6eee95276a48
                                                                                                                                                                                                                                    • Instruction ID: 2ad852279e7c479cb758b0b46fd2bb77fe8a8db0188c072226082d3cc984bd50
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 230ddfbeb2cfdc83e04e02b0fbb537ff9f96aef2fd2a5ab3fdce6eee95276a48
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8AD09E10F0874646EB143B715D9907C9E96AF88741FD4143AC84B07393EE6CF46B4320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                    • Instruction ID: ae7d8cbedb661528f40a6960b66077dbe2436915a177dce3022c299961721142
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D512625B0928386E724AA6595006BEEA91BF44BA4FD44732DE6C437C5DF3CF4239620
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                                                                                                    • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                    • Instruction ID: e6f6d602dfd68dacb191285fa419fc1374404429c949a81b9c5f57bc47aeb18e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC11C461618A8181DB10AB25A80416DEB61BB45BF4FD44333EE7D4B7D9CF3CE0628700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7D78958A9), ref: 00007FF7D78959C7
                                                                                                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7D78958A9), ref: 00007FF7D78959DD
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1707611234-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9CE
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9D8
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,?,00007FF7D789AA45,?,?,00000000,00007FF7D789AAFA), ref: 00007FF7D789AC36
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7D789AA45,?,?,00000000,00007FF7D789AAFA), ref: 00007FF7D789AC40
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 840049012-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3947729631-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF7D789B39A,?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA), ref: 00007FF7D789EC5D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF7D7890D00,?,?,?,00007FF7D789236A,?,?,?,?,?,00007FF7D7893B59), ref: 00007FF7D789D6AA
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885830
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885842
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885879
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D788588B
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78858A4
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78858B6
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78858CF
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78858E1
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78858FD
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D788590F
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D788592B
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D788593D
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885959
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D788596B
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885987
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885999
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78859B5
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78859C7
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                    • API String ID: 199729137-653951865
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                    • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                    • API String ID: 0-2665694366
APIs
Memory Dump Source
• Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 3140674995-0
APIs
Similarity
• API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
• String ID:
• API String ID: 1239891234-0
APIs
Similarity
• API ID: FileFindFirst_invalid_parameter_noinfo
• String ID:
• API String ID: 2227656907-0
APIs
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
APIs
Similarity
• API ID: memcpy_s
• String ID:
• API String ID: 1502251526-0
Strings
Similarity
• API ID:
• String ID: $header crc mismatch$unknown header flags set
• API String ID: 0-1127688429
                                                                                                                                                                                                                                    • Opcode ID: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                                                    • Instruction ID: 3cc642a09fbb611e8223e17d8b31b4b69fdd1c3eb6697c5e571717b817b52526
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0F1A472A083C54BE7A5AF14D488B3EBEA9FF44740F85453ADA49473D0CB38E952C761
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                     • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 15204871-0
                                                                                                                                                                                                                                    • Opcode ID: 2f74b2cda317b12825bead48c90720a79ba1abfeed249303701d480a1679e454
                                                                                                                                                                                                                                    • Instruction ID: f06f2e93bf8d1b26f59b3cec17e0d56e1b2bd913fde234f185f791f6b94272bb
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f74b2cda317b12825bead48c90720a79ba1abfeed249303701d480a1679e454
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FB17073608B858BEB15DF29C54636C7BE0F784B48F998922DB9D837A4CB39D462C710
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: $
                                                                                                                                                                                                                                    • API String ID: 0-227171996
                                                                                                                                                                                                                                    • Opcode ID: 3098a868bf4d382f942c0283459ab4806c0f53f7eb332f8174ba39f6fc7772a0
                                                                                                                                                                                                                                    • Instruction ID: ba5084d73d7dae4f139b1043dab565abf0e355bfdd09968918f30a60f5219a19
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3098a868bf4d382f942c0283459ab4806c0f53f7eb332f8174ba39f6fc7772a0
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72E1B536A0864686EB68AF29C45413DBBA0FF45B58FD44237DA4E07B94DF29F863C710
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                                    • API String ID: 0-900081337
                                                                                                                                                                                                                                    • Opcode ID: 5aba513b73eb8988df982bd12c0510577381bb82701c7147ce4cedc0b53fa8f7
                                                                                                                                                                                                                                    • Instruction ID: a8b7b8917fe6fef99e9170f4befd408ca765d2db35a7291349c453353615aea5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5aba513b73eb8988df982bd12c0510577381bb82701c7147ce4cedc0b53fa8f7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF91E672A182C687E7A49F14E488B3E7EA9FF44350FC5413ADA4A477C0DB38E552CB61
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: e+000$gfff
                                                                                                                                                                                                                                    • API String ID: 0-3030954782
                                                                                                                                                                                                                                    • Opcode ID: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                                                    • Instruction ID: 701efe9c6f5f49a3bd43d36f3074289acd1e8ab3e7db0c508294dd6610ca522c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08515523B183C186E7649E35980076DEF91F744B94FC88236CAA847AC5CF3DE152C710
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: gfffffff
                                                                                                                                                                                                                                    • API String ID: 0-1523873471
                                                                                                                                                                                                                                    • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                                                    • Instruction ID: c012bcfc988f5367f8a75e4e1a0d1950ae08a4ea45d43b52315960e08dd586a9
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DA14563A087C587EB25DF29A4007ADBF91AB65B84F848032DE8D47785DF3DE512C721
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: TMP
                                                                                                                                                                                                                                    • API String ID: 3215553584-3125297090
APIs
Memory Dump Source
• Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
Memory Dump Source
• Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Memory Dump Source
• Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• API String ID: 485612231-0
Similarity
• API ID: AddressErrorLastProc
• String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
• API String ID: 199729137-3427451314
APIs
  • Part of subcall function 00007FF7D7889400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7D78845E4,00000000,00007FF7D7881985), ref: 00007FF7D7889439
• ExpandEnvironmentStringsW.KERNEL32(?,00007FF7D78888A7,?,?,00000000,00007FF7D7883CBB), ref: 00007FF7D788821C
  • Part of subcall function 00007FF7D7882810: MessageBoxW.USER32 ref: 00007FF7D78828EA
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                    • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                    • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                    • Opcode ID: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                                                    • Instruction ID: 88d4c0d6caf758423271abce4d14ff4e50a56a8a3b01d4d7abf8f540b50941a3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89515611A28A4281FB60FB25F9516BEEA91AF94780FC44433E50E876D5EF2CE5278770
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                    • String ID: P%
                                                                                                                                                                                                                                    • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                    • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                    • Instruction ID: 9e057fb6655104d884e4fdae38aa02a3369a243fea34d43133a6d0ad6b4d527a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F51D626604BA186D7249F26B4181BEFFA1FB98B61F404136EBDE43694DF3CD056DB20
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                    • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                    • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                    • Opcode ID: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                                                    • Instruction ID: cc8364af2a5679ac394ef1043d86dfb6d3cb9e6e7263871242b1bb35b42c3307
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2921A725B19A4282E745AB7AB95417DEF91FF88B90FD84132DE2D433D4DE2CD5A28320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: -$:$f$p$p
                                                                                                                                                                                                                                    • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                    • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                    • Instruction ID: ca17cddae82004d6f2a32d444b0767ebef0d2dbffebaa6f35ca103652bad85d5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04126E62F0C14386FB24BA1591546BDFAA1FB80750FD84137E69B46AC4DF3CF5A29B20
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: f$f$p$p$f
                                                                                                                                                                                                                                    • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                    • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                    • Instruction ID: 1a68b0a8feee661fb6dca0dd571e785c47e4559d86e9355d79101d9c8ef1f911
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D912A622E0C14385FB20BA55E0546BDFA62FB48755FD84037E69947AC4DF7CF8A29B20
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                    • Opcode ID: d2d5de54a522b058a739d288cf81c51329d5563af82632bfd3bdb84cc9e0827b
                                                                                                                                                                                                                                    • Instruction ID: e903edafcb94b9032b31333cb5587abe6b12d5600d7416a2b459afcdf563ef8e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2d5de54a522b058a739d288cf81c51329d5563af82632bfd3bdb84cc9e0827b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D416E25E0865286EA10FB12A9006BEEB90BF44BC4FD44437ED0D47796EF3CE5278760
Memory Dump Source
• Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                    • Opcode ID: f2f664b4b682a0b9c6d88ee2650733943832cac23810cfb4c9454e57594dcff2
                                                                                                                                                                                                                                    • Instruction ID: c8cf36d66b0b1a92386cb399bd93aa263742d47471353174318a207c783778c6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2f664b4b682a0b9c6d88ee2650733943832cac23810cfb4c9454e57594dcff2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D415B22A0864386EB10EB25A5405BDEB90BF44794FC44937EE4D47B95EF3CE5678720
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                    • API String ID: 849930591-393685449
                                                                                                                                                                                                                                    • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                                                    • Instruction ID: b67a9860166906beb532c3458a6d2dfcf16aecc93e8f207fdd1ef0b0002e5642
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ACD18132A0874186EB24AB65E4403ADBBA0FB45798FD4023BEE4D57B95DF38E462C711
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7D7883706,?,00007FF7D7883804), ref: 00007FF7D7882C9E
                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7D7883706,?,00007FF7D7883804), ref: 00007FF7D7882D63
                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF7D7882D99
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                    • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                    • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                    • Opcode ID: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                                                    • Instruction ID: 2504a6514da74eb6ac9038d4e44f3df423edd731a56dec0fd7df53ba48efa9c9
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6031A022B08A4152E720BB25B9046AEEEA5BB88B98FC00137EF4D93759DE3CD517C310
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7D788DFEA,?,?,?,00007FF7D788DCDC,?,?,?,00007FF7D788D8D9), ref: 00007FF7D788DDBD
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7D788DFEA,?,?,?,00007FF7D788DCDC,?,?,?,00007FF7D788D8D9), ref: 00007FF7D788DDCB
                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7D788DFEA,?,?,?,00007FF7D788DCDC,?,?,?,00007FF7D788D8D9), ref: 00007FF7D788DDF5
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF7D788DFEA,?,?,?,00007FF7D788DCDC,?,?,?,00007FF7D788D8D9), ref: 00007FF7D788DE63
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF7D788DFEA,?,?,?,00007FF7D788DCDC,?,?,?,00007FF7D788D8D9), ref: 00007FF7D788DE6F
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                    • Opcode ID: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                                                    • Instruction ID: c711669c57d1ffdabbb983ba8bc5481300c28fe90fa6a14560c12d37af139433
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A319421B1A64291EE55BB12B80057DAB94FF58BA0FD94637ED2D47380EF3CE4668330
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                    • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                    • Opcode ID: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                                                                    • Instruction ID: e20e9c4cb68c4ffeff38d34b86d15cbac0257ee82ef9db46391f3dafd82b78a3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97415E21A18A8691EB11FB21F5142EDEB61FB54394FC00133EA5D43696EF3CE627C760
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7D788351A,?,00000000,00007FF7D7883F23), ref: 00007FF7D7882AA0
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                    • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                    • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                                    • Instruction ID: 17a783887c499944f2c20773e82e66c77efef6f1cf65414f5503f6f1c81b4fad
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71219232A1878192E720EB51B8817EAABA4FB887D4FC00137FE8D53659DF3CD6568750
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                    • Opcode ID: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                                                    • Instruction ID: 3820499bd9168f2525e524df380f48f531adc54e52b63e3f737fe3c9141ea2a6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62216D20E0C38686FA6873A1965117DDD429F847A0FD0863BE83E47AD6DF2CB4238321
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                    • String ID: CONOUT$
                                                                                                                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                    • Opcode ID: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                                                    • Instruction ID: 19f2b82e20cad17bc862f282fd4951a7136cbaf3832673bbdea15268cf5f9d17
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69119321B18B4186E350AB52E95432DAFA0FB98FF4FC00236EA5D87794DF3CD8258750
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF7D7889216), ref: 00007FF7D7888592
                                                                                                                                                                                                                                    • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF7D7889216), ref: 00007FF7D78885E9
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7889400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7D78845E4,00000000,00007FF7D7881985), ref: 00007FF7D7889439
                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7D7889216), ref: 00007FF7D7888678
                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7D7889216), ref: 00007FF7D78886E4
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF7D7889216), ref: 00007FF7D78886F5
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF7D7889216), ref: 00007FF7D788870A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3462794448-0
                                                                                                                                                                                                                                    • Opcode ID: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                                                    • Instruction ID: 3180cf2dd765df79de39f83a0281cf87ecf550339177bf04b1e39b7dae40b361
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2641A522B1869241EA30BB11B5446AEABA4FB44BC4FC44137DE4D97B89DF3CD552C720
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B347
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B37D
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B3AA
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B3BB
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B3CC
                                                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B3E7
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                    • Opcode ID: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
                                                                                                                                                                                                                                    • Instruction ID: f357cf8a5371524ae0c35adfb70485c9ae6b2e381e987191c264c9df97422336
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87114D20A0C74286FA58B721969113DED865F847B0FD48736E87E47BD6DF2CB4239321
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7D7881B6A), ref: 00007FF7D788295E
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                    • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                    • Opcode ID: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                                                    • Instruction ID: 9fa937a4098d8d872ca2ba51f1b956d7c66686a2d2ecb1bb069192922a163f53
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F831B422B1868156E720B761B8416EEAA95BF887E4FC00137EE8D83759EF3CD567C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                    • String ID: Unhandled exception in script
                                                                                                                                                                                                                                    • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                    • Opcode ID: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                                                    • Instruction ID: 39a5020eaa1a1c26d0fa8becc4b9f9abb2c7a2c9c1c480aba4c37829969ac2b6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4313072A1968289EB60EF61F8552FEAB60FF88784FC40136EA4D47B59DF3CD1168710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7D788918F,?,00007FF7D7883C55), ref: 00007FF7D7882BA0
                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF7D7882C2A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                    • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                    • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                    • Opcode ID: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                                                    • Instruction ID: 0cc8ca2490330115a5bf9f6b6c5a260d0a9a380bcbe19190a2a98f182dc97a94
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9219F62708B4182E710AB54B8447AEABA4FB88784FC00137EA8D97659DF3CD226C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7D7881B99), ref: 00007FF7D7882760
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                    • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                    • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                                                    • Instruction ID: 55d9593ac427153e07de494bc5774fd33131f68ccded2007495c8d5b8a497707
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61218132A1878182E720EB51B9817EAABA4FB88784FC00137EE8D53659DF3CD5568750
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                    • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                    • Instruction ID: d0ab9f94d0ee6f37a71596f1683fd49e663751ad143aaedd2d4543e5441b0024
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AFF04F21A0960681EB10AB24A49577EEF60AF89761FD40236D66E475E4DF2CE056C320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF7D789A613,?,?,00000000,00007FF7D789A8AE,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789B41F
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D789A613,?,?,00000000,00007FF7D789A8AE,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789B43E
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D789A613,?,?,00000000,00007FF7D789A8AE,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789B466
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D789A613,?,?,00000000,00007FF7D789A8AE,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789B477
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D789A613,?,?,00000000,00007FF7D789A8AE,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789B488
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: verbose
                                                                                                                                                                                                                                    • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                    • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                    • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                    • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                    • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                    • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2718003287-0
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1956198572-0
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: ?
                                                                                                                                                                                                                                    • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78990B6
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9CE
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: GetLastError.KERNEL32(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9D8
                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7D788CC15), ref: 00007FF7D78990D4
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1779496744.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000000.00000002.1779472319.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779537141.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779567877.00007FF7D78C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1779623428.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                    • API String ID: 3580290477-1877677919
                                                                                                                                                                                                                                    • Opcode ID: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                                                    • Instruction ID: 5abefe2f665dbdcc2e5779e7fc6f1f120c96937eb89a721e270fcc25790c2b2d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76415032A08B52CAE714BF2598910BDABA4FB847D0BD54037E94D43B85DF3CE4A28360
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                                    • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                    • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                                                    • Instruction ID: e4b7ad97d2c9098453833898a0d2984cc57b7a237e708ead5254b531514eb34b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B41A532B19A8585DB609F25E4443ADAB60FB88794FC44137EE4D87B98EF3DE412C750
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                    • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                    • Opcode ID: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                                                                    • Instruction ID: 5ff50b13db7e14267d028b99cdc9e0e3babbab6b7a61ecdc2bf8f4db6173b1f7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35210433A0838182FB25AB15D44426EBBB1FB84B44FD54037DA8D43694DF7CE966CB61
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                    • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                                                    • Instruction ID: 7ae921b3440506b5db85adfff8614d3a534115d69355e20ef0cb1f43d8690d87
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15112E32618B8182EB619F15F54025DBBE4FB88B84F984232EB8D07759DF3CD9628B10
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                    • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                    • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                                                    • Instruction ID: 5209e5ddf3534e31e3bf57c3ecddbb5df1f1619111423f7d3cf10463f42a86f3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 98018F2291824386FB20BF60A46627EABA0FF44708FC40037D54D82691FF3DE526CA24

                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                    Execution Coverage:1.6%
                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                    Signature Coverage:0.3%
                                                                                                                                                                                                                                    Total number of Nodes:633
                                                                                                                                                                                                                                    Total number of Limit Nodes:7

Control-flow Graph

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                    • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                                    • API String ID: 2776309574-4232158417
                                                                                                                                                                                                                                    • Opcode ID: c0a66ebca772141f760a29a0dd77fc68e5502f7a94feb123d2d63e937376cc0c
                                                                                                                                                                                                                                    • Instruction ID: a44dda6e8283b8cdbdb2340f4d74829d085d358531650812dc4bd1af44a442fe
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0a66ebca772141f760a29a0dd77fc68e5502f7a94feb123d2d63e937376cc0c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C325921A0868291FB25BB25E5553BDEEA1AF44780FC44037DA5D43BD6EF2CE57AC320

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1617910340-0
                                                                                                                                                                                                                                    • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                    • Instruction ID: b6603550792fa0dbb59d1f43df5c1c77ef33ebabc222367d259f2a77d51ef74f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99C1D436B28A4285EB10EF65C5906AD7B61F749BA8F815236DF2E577D4DF38E022C310
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                                                    • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                    • Instruction ID: 0db2794e3a0579946cfb3dd3a1ba5e3d48d4fdb28a3ddf2cc1b67180f4108e68
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6F04422A1874286F7609B60F44976EAF50FB84764FC41336D96D02AD4DF3CD06A8B10
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1766813955.00007FFDFB961000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFB960000, based on PE: true
• Associated: 00000001.00000002.1766792416.00007FFDFB960000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.1766904172.00007FFDFBA8A000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.1766935570.00007FFDFBAB7000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.1766957897.00007FFDFBABC000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.1766957897.00007FFDFBACA000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfb960000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: InfoSystem
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 31276548-0
                                                                                                                                                                                                                                    • Opcode ID: f9f7b25920dae3aac1161b1ec18df20630773ad87d50c89e9d98f821025bc521
                                                                                                                                                                                                                                    • Instruction ID: d9aad697dd38b75e808e379a64f3ca3d19784b80add1037b8d5af90607991808
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9f7b25920dae3aac1161b1ec18df20630773ad87d50c89e9d98f821025bc521
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAA10925B0BB0B89FF588B55A870B3432A2FF55B44F548539C93E467F8EFACA4918740

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7887F80: _fread_nolock.LIBCMT ref: 00007FF7D788802A
                                                                                                                                                                                                                                    • _fread_nolock.LIBCMT ref: 00007FF7D7881A1B
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7882910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7D7881B6A), ref: 00007FF7D788295E
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                    • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                    • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                    • Opcode ID: abc02df14881b8553accab44fb79ef53eaa7c88a432e732f5ead529d710b0ae2
                                                                                                                                                                                                                                    • Instruction ID: 04a4cbaaf3d2ff021a30818c2cc35aa584574001305bdc354849004b5c4b1271
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: abc02df14881b8553accab44fb79ef53eaa7c88a432e732f5ead529d710b0ae2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F819171E0968285EB60EB25E0406BDABA1EF48784FC4443BE98D47785DF3CE5A78760

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                    • Opcode ID: 3899eae9b9cf556598d50536af751799a91292f9e5d7650659be9fe1a68b4b95
                                                                                                                                                                                                                                    • Instruction ID: c8cf36d66b0b1a92386cb399bd93aa263742d47471353174318a207c783778c6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3899eae9b9cf556598d50536af751799a91292f9e5d7650659be9fe1a68b4b95
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D415B22A0864386EB10EB25A5405BDEB90BF44794FC44937EE4D47B95EF3CE5678720

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                    • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                    • Opcode ID: 5578c14fe94a244900e9a575e4f77a257a8de495ed559fdf9b362ebbbffb2fa7
                                                                                                                                                                                                                                    • Instruction ID: 0c9f466ea34811458af936a51e5dba4489333123ba21819dd1b066f672178a29
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5578c14fe94a244900e9a575e4f77a257a8de495ed559fdf9b362ebbbffb2fa7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3051B022A0868285E660BB15F4403BEEA91BF85794FC8413AED4D47BD5EF3CE527C720

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00007FF7D7883804), ref: 00007FF7D78836E1
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D7883804), ref: 00007FF7D78836EB
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7882C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7D7883706,?,00007FF7D7883804), ref: 00007FF7D7882C9E
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7882C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7D7883706,?,00007FF7D7883804), ref: 00007FF7D7882D63
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7882C50: MessageBoxW.USER32 ref: 00007FF7D7882D99
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
• Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                    • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                    • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                    • Instruction ID: 2f97f00b549d28646aadfc7dd46646a15c573a46a6bd0b1b5ff26287f18c67f2
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31214F61B1864291FA20B724F9113BEAA91BF89354FC04137E55EC3AD5EE2CE526C720

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                                                    • Instruction ID: b9bce40292fd8c6979c394013ee3f8983f92a674d5b6e1528590e385f3086de6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6CC1A222A0CA8695E761AB1594442BEEF64EF81B90FD54133EA4E037D1DF7CF8668720

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                    • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                    • Opcode ID: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                                                    • Instruction ID: e20e9c4cb68c4ffeff38d34b86d15cbac0257ee82ef9db46391f3dafd82b78a3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97415E21A18A8691EB11FB21F5142EDEB61FB54394FC00133EA5D43696EF3CE627C760

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1279662727-0
                                                                                                                                                                                                                                    • Opcode ID: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                                                    • Instruction ID: 2a3eabd9cc05273cdadfd391715ddb20a8b379bfdb0c9da0a7480df5d0a12bf8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7741B322D1878283E710AB20955137DAB60FB94764F909336EA5C03AD2DF7CF6F28720

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3251591375-0
                                                                                                                                                                                                                                    • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                    • Instruction ID: 1e1e05b80d79cf4b9980dbc2b6663015e5288b444cb13da6af3485d257190a84
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B313920E0824341FA64BB25E4653BDEF91AF85784FC44477EA4D4B2DBDE2CB8278270

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                    • Instruction ID: ae7d8cbedb661528f40a6960b66077dbe2436915a177dce3022c299961721142
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D512625B0928386E724AA6595006BEEA91BF44BA4FD44732DE6C437C5DF3CF4239620

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                                                                                                    • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                    • Instruction ID: e6f6d602dfd68dacb191285fa419fc1374404429c949a81b9c5f57bc47aeb18e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC11C461618A8181DB10AB25A80416DEB61BB45BF4FD44333EE7D4B7D9CF3CE0628700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9CE
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9D8
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                    • Opcode ID: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                                                    • Instruction ID: ba782d0aeb341c010768430e4c8c71df15c24ec6a14877e8cfe4146ab2ec2dec
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56E0EC51F0964352FF187BB2A85517E9E91AF88B41FC54036D92D872A2EF2C78B78331
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00007FF7D789AA45,?,?,00000000,00007FF7D789AAFA), ref: 00007FF7D789AC36
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7D789AA45,?,?,00000000,00007FF7D789AAFA), ref: 00007FF7D789AC40
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                                                    • Opcode ID: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                                                    • Instruction ID: 1818226b3b2bdd0384c7e1de3c55647bdb0917111769e61ef7448c297eb51d67
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C321A111B1C64242EEA07761949027D9E829F84BA4FD84237DA2E4B3C1CF6CF4A7C321
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
                                                                                                                                                                                                                                    • Instruction ID: 98834587ee2368882317ba2fe57f43672d9d764f165dd91ff190caf17ee7553e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D041C23290820187EA74AB26A54427DBFA4EB55B90FD40133EA8E43691DF2DF463CB61
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 840049012-0
                                                                                                                                                                                                                                    • Opcode ID: e030e723ccfde11af85d0dda47479fa887e00b1a31505a58a3447353ba43a7bb
                                                                                                                                                                                                                                    • Instruction ID: 1f3a691f4e173889a873338644dd5e6afa1171e837590ef0936b8296cfd70af4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e030e723ccfde11af85d0dda47479fa887e00b1a31505a58a3447353ba43a7bb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D721A621B586A285FA50BA2279043BEEA91BF45BD4FCC4432EE5D0B786DF7DE0538610
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: 2d5c35b5412ec9e3d722ee101ab37b91f6ea8aa9dcca92d1d4e84e7f868c2b8f
                                                                                                                                                                                                                                    • Instruction ID: ca408815402b961c2bc0d5bd6b14ae0c8d8192cf1d5033fb56fe69adde7c62e4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d5c35b5412ec9e3d722ee101ab37b91f6ea8aa9dcca92d1d4e84e7f868c2b8f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4316F31A18A5289E7527B56884137DAE90AF40BA4FD60137E96D133D2DF7CF4638731
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                    • Instruction ID: 4a0a85e7946c71bf497df653b1b6f2bf7199e0377da8a37046d7c028ec45073d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A119322A1C64281EA60BF11940217EEA60BF85B94FD44033FB4C57BD6EF3DF5628721
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                                                    • Instruction ID: 37fc20d14b336e6d18f76a375dc428a52ecc951bf47a79200b01b7e3ed345ffb
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD21F972B08A4287D760AF18D54037DBBA0FB84B54FD40236E69E876D9DF3CD4228B10
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                    • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                    • Instruction ID: d0ff603419b202146d08c3213b403823f3d0c15b2b47c95d6d022ea226cda482
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A01C465A0878241EA04FF52990106DEAA5BF85FE4FD84632EE6C57BD6DF3CF1228310
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7889400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7D78845E4,00000000,00007FF7D7881985), ref: 00007FF7D7889439
                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00007FF7D7886466,?,00007FF7D788336E), ref: 00007FF7D7889092
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2592636585-0
                                                                                                                                                                                                                                    • Opcode ID: 7140f7c55cf735ced6a4f02887063d730e60c19ae08c919a697b9dfe54228ee6
                                                                                                                                                                                                                                    • Instruction ID: 0671caaf3abbd947aa242cec1a2f8acef6dbffaa85cfa9e0563ccc273d5842c9
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7140f7c55cf735ced6a4f02887063d730e60c19ae08c919a697b9dfe54228ee6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CFD0C211F2424641EB94B767BA4663E9A51AFCDBC4FC8C036EE0D03B4AEC3CD0624B00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF7D7890D00,?,?,?,00007FF7D789236A,?,?,?,?,?,00007FF7D7893B59), ref: 00007FF7D789D6AA
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                    • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                    • Instruction ID: c1180c5f78d316db3f29bb1c1106953c490147daf7a6f24e1abfe88371a64bd6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59F03414A0DB0244FE667A61591127DAA904F95BA0FC842329D2E866C2EF6CB4A28274
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                                                    • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                                                    • API String ID: 3832162212-3165540532
                                                                                                                                                                                                                                    • Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                                                    • Instruction ID: c89b89711fc49d92e8ffa6b6e568fa60a66818e57f1108977d371edfae77e1d7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3D17332A18A8286E710AF74E8542ADBF65FF84B58FC00237DA5D43A98DF3CD566C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide_errno$FileFind$ErrorFirstLastNextfreemallocmemset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3372420414-0
                                                                                                                                                                                                                                    • Opcode ID: b84a2f744cee5a13916b1079a4c81b9897484e08d179ab741295abe408a7cb8c
                                                                                                                                                                                                                                    • Instruction ID: e6493523117eefc60f7672c0119093cb991e7684208d30a28c3c264572cd4ac3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b84a2f744cee5a13916b1079a4c81b9897484e08d179ab741295abe408a7cb8c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77B19423F06E4385EB109F65D46467967A4FF49BA8F488235DA6D937E8EF3DE0918300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: EnvironmentVariable$ByteCharMultiWide
                                                                                                                                                                                                                                    • String ID: .rnd$HOME$RANDFILE$SYSTEMROOT$USERPROFILE
                                                                                                                                                                                                                                    • API String ID: 2184640988-1666712896
                                                                                                                                                                                                                                    • Opcode ID: 419c88fdedd40b7a4bd6282dbefca93637e627fdfe4ba8766129e23dca955196
                                                                                                                                                                                                                                    • Instruction ID: bef1ac219996a904787988a5b380e2fda6fb05b8cec9d6c074b1262971328c47
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 419c88fdedd40b7a4bd6282dbefca93637e627fdfe4ba8766129e23dca955196
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD61F726B0A78385EB119F26986097977A1FF59BA8B448231DE3D43BE9DF3DE045C300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3719493655-0
                                                                                                                                                                                                                                    • Opcode ID: 64664d73ce33971d04b3be62180a62d679555632f891a935f9b5934adbaad75e
                                                                                                                                                                                                                                    • Instruction ID: d56b4fb1578105b94904b71895c196305823d8c4b62dd01dbd5f8b675d43f5b4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64664d73ce33971d04b3be62180a62d679555632f891a935f9b5934adbaad75e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF02F172B0865282EB6CAB14F424E7837A5EF94740F4441B1DA7F867ECEE2EE845D300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                                                                                                                    • Opcode ID: 836932d6aed314119f7ddbe256598baef3b0bd20caf5fb751809a6c17d89e7ea
                                                                                                                                                                                                                                    • Instruction ID: d0c8548dbbd36baaa8ac881002b729ddbf42b6b62ef862e6ed7ca955c5eb710d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 836932d6aed314119f7ddbe256598baef3b0bd20caf5fb751809a6c17d89e7ea
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A314172B0AB8286EB609F60E8507EE7365FB88749F44443ADA5D87AD8DF38D548C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                                                                                                                    • Opcode ID: f023f8fc06705e2cd2b3d1f11e1994e546badab108aef2e732383dbc37a3d3f0
                                                                                                                                                                                                                                    • Instruction ID: dca5847ff713158eccc922e79815319ddcdaee0d212fb51ae1089d8ae66f3630
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f023f8fc06705e2cd2b3d1f11e1994e546badab108aef2e732383dbc37a3d3f0
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F315A72709B8286EB64AF60F860BFE3364FB94744F44407ADA6E47A88DF39C548C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D788841B
                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D788849E
                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D78884BD
                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D78884CB
                                                                                                                                                                                                                                    • FindClose.KERNEL32(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D78884DC
                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,00007FF7D7888B09,00007FF7D7883FA5), ref: 00007FF7D78884E5
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                    • String ID: %s\*
                                                                                                                                                                                                                                    • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                    • Opcode ID: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                                                    • Instruction ID: 759710245ef8afc3b71bf144a3133f5e09717944241a31bd30a60da85978b305
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15416E22A1CA5389EB20BB64F4445BDABA1FF94754FC40233D99D43698DF3CE56B8720
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1766813955.00007FFDFB961000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFB960000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfb960000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memset
                                                                                                                                                                                                                                    • String ID: 0123456789ABCDEF0123456789abcdef$Inf$NaN$VUUU$gfff
                                                                                                                                                                                                                                    • API String ID: 2221118986-2941899328
                                                                                                                                                                                                                                    • Opcode ID: 7ece922cbc936e0a8732ebad0b5a8d8ae355d80888fa67680ed0f97839f17b8b
                                                                                                                                                                                                                                    • Instruction ID: 6bd6be2423ce6a0e92bcd5564d27a52d2c7468cd1bc24698dfdfd3cc9d804567
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ece922cbc936e0a8732ebad0b5a8d8ae355d80888fa67680ed0f97839f17b8b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8126D22F1EA8749E7124A349870BBA6B96FF56384F054331DA7E536F9DF2CE4418B00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4139299733-0
                                                                                                                                                                                                                                    • Opcode ID: 8e7e6a2d822f1fda85859cd2e2238dbd44a4ff3b23374d1d1e212f33de510a13
                                                                                                                                                                                                                                    • Instruction ID: 094f11eb3601e0db735b15e3a9493ae43af54da12aa51569e59df948cb524d63
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e7e6a2d822f1fda85859cd2e2238dbd44a4ff3b23374d1d1e212f33de510a13
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBE1C072B1C6A385EB68AB14F024D7923A5FB54750F5401B1EA7F866D8EF7EE841C700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3140674995-0
                                                                                                                                                                                                                                    • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                                    • Instruction ID: b255408ee04ef9f4b78bbcea1e80d1a021b2a8e58920117909f356765479c081
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01316172608B8186EB609F60E8803EEBB60FB88704F84413BDA4D47B95EF3CD559C720
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1766813955.00007FFDFB961000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFB960000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1766792416.00007FFDFB960000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1766904172.00007FFDFBA8A000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1766935570.00007FFDFBAB7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1766957897.00007FFDFBABC000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1766957897.00007FFDFBACA000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfb960000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: %sSCALAR SUBQUERY %d$CORRELATED $Expression tree is too large (maximum depth %d)$REUSE SUBQUERY %d
                                                                                                                                                                                                                                    • API String ID: 0-875495356
                                                                                                                                                                                                                                    • Opcode ID: 4292068f5f8050a9758627c9ad91bf375f87b898590cbfef5002ce2ad6e3136a
                                                                                                                                                                                                                                    • Instruction ID: 03be11ae1320fe36849e7b913f3ba47ee1f356cc1da14773d282b39e74076294
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4292068f5f8050a9758627c9ad91bf375f87b898590cbfef5002ce2ad6e3136a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1CF1D272B0978286E720CF25E860A6A77B4FB84B44F449235DB6D4BBE9DF38E451C700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5CB5
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78A5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78A561C
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9CE
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: GetLastError.KERNEL32(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9D8
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7D789A94F,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789A979
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7D789A94F,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789A99E
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5CA4
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78A5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78A567C
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F1A
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F2B
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F3C
                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7D78A617C), ref: 00007FF7D78A5F63
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4070488512-0
                                                                                                                                                                                                                                    • Opcode ID: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
                                                                                                                                                                                                                                    • Instruction ID: 7b54046848626cc2f86ebc99c10d91f7950bce9389e51659b019e74ea88b0b6f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8AD1B322B0824246EB24BF25DA521BDAB51FF54794FC48137EA0D47A95EF3CE4A3C760
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                                                                                                                    • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                                    • Instruction ID: 47a5ebd425877e7474c86a182b9d1d0f34eda22824e693f403b8e6f8d4a88ec4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7316036618B8196DB60DF25E8402AEBBA4FB88754FD40137EA8D43B54DF3CD566CB10
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1766813955.00007FFDFB961000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFB960000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1766792416.00007FFDFB960000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1766904172.00007FFDFBA8A000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1766935570.00007FFDFBAB7000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1766957897.00007FFDFBABC000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1766957897.00007FFDFBACA000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfb960000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                                                    • API String ID: 0-3555682073
                                                                                                                                                                                                                                    • Opcode ID: 632936839a87527f152e74760ea262e59e1a062af75a28d094c0d1a547466b53
                                                                                                                                                                                                                                    • Instruction ID: ab99c652c1b785bb91c6e4c99458750b657db877241a31fa4b59f0d20aa66128
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 632936839a87527f152e74760ea262e59e1a062af75a28d094c0d1a547466b53
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB125922F0E69346E7B58A249060BBE7792AF91748F108135DABE037EDDE6DE845C700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763575676.00007FF7D7880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763628710.00007FF7D78AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763654977.00007FF7D78C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1763695937.00007FF7D78C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2227656907-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memmove$memset
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3790616698-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F1A
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78A5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78A567C
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F2B
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78A5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78A561C
                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF7D78A5F3C
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78A5638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78A564C
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9CE
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: GetLastError.KERNEL32(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9D8
                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7D78A617C), ref: 00007FF7D78A5F63
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3458911817-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastbind
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\bio\b_sock2.c
                                                                                                                                                                                                                                    • API String ID: 2328862993-3200932406
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 8b647e036b0e5ae8a118200442eb522906dc17efbe743a2891263b2f3e414abb
                                                                                                                                                                                                                                    • Instruction ID: 04f98c2a63c5d54dbe98d7e40d213a67336df29c6d238aa0657bea0d7f74a387
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b647e036b0e5ae8a118200442eb522906dc17efbe743a2891263b2f3e414abb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6BE0DF727193A506CB56CA336118F692A90A726B8AF83C0309D0DC3B99EC2EE601CB40
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885830
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885842
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885879
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D788588B
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78858A4
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78858B6
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78858CF
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78858E1
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78858FD
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D788590F
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D788592B
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D788593D
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885959
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D788596B
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885987
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D7885999
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78859B5
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF7D78864BF,?,00007FF7D788336E), ref: 00007FF7D78859C7
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                    • API String ID: 199729137-653951865
                                                                                                                                                                                                                                    • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                                                    • Instruction ID: 80db64379f84d7bdad4eee4dd9f7061825d8d89699f2101ffb8ae233cddd7c97
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A229E64A49B4792FB55BB65BA555BDAFA0AF04781FC41037C82E03360FF7CA57A8320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                    • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                    • Opcode ID: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                                                    • Instruction ID: 489a058bb8abb1f9412de28f468f45932a48324ffe454f91322d63a1a0bd6ade
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7802AF60E0DB0791EB14BBA5BA509BCAFA1AF04755FD41033D81E422A4EF7CB57B9230
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFB144B53,?,?,?,?,?,?,?,?,00007FFDFB142B8B), ref: 00007FFDFB143F61
                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFB144B53,?,?,?,?,?,?,?,?,00007FFDFB142B8B), ref: 00007FFDFB143F78
                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFB144B53,?,?,?,?,?,?,?,?,00007FFDFB142B8B), ref: 00007FFDFB143F8F
                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFB144B53,?,?,?,?,?,?,?,?,00007FFDFB142B8B), ref: 00007FFDFB143FC2
                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFB144B53,?,?,?,?,?,?,?,?,00007FFDFB142B8B), ref: 00007FFDFB14400B
                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFB144B53,?,?,?,?,?,?,?,?,00007FFDFB142B8B), ref: 00007FFDFB14403F
                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFB144B53,?,?,?,?,?,?,?,?,00007FFDFB142B8B), ref: 00007FFDFB144091
                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFB144B53,?,?,?,?,?,?,?,?,00007FFDFB142B8B), ref: 00007FFDFB1440A4
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFB02D000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: strcmp
                                                                                                                                                                                                                                    • String ID: ANY PRIVATE KEY$CERTIFICATE$CERTIFICATE REQUEST$CMS$DH PARAMETERS$ENCRYPTED PRIVATE KEY$NEW CERTIFICATE REQUEST$PARAMETERS$PKCS #7 SIGNED DATA$PKCS7$PRIVATE KEY$TRUSTED CERTIFICATE$X509 CERTIFICATE$X9.42 DH PARAMETERS
                                                                                                                                                                                                                                    • API String ID: 1004003707-1119032718
                                                                                                                                                                                                                                    • Opcode ID: 53791607f956101f911f03bce5df1fcc48f1ca8588c3d50ca4fb3c9ab6ede07a
                                                                                                                                                                                                                                    • Instruction ID: bffd4a3173617fd06d5439927941546777f1d24a6bab75f49b2810dc8cc801d3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53791607f956101f911f03bce5df1fcc48f1ca8588c3d50ca4fb3c9ab6ede07a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C919E12F0E647D0FF509B25A931A7926919F5BBECF441131DD3E826FEEE2CE6518200
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Unicode_$CompareStringWith$Arg_Ready$ArgumentCheckMallocMem_PositionalSubtypeType_
                                                                                                                                                                                                                                    • String ID: NFC$NFD$NFKC$NFKD$argument 1$argument 2$invalid normalization form$normalize$str
                                                                                                                                                                                                                                    • API String ID: 422133084-572447204
                                                                                                                                                                                                                                    • Opcode ID: 43a9823afa13981031bd2cce47ff7997dfe68bfd182b3a82fb86100dbe4ff703
                                                                                                                                                                                                                                    • Instruction ID: f6bd1e5c4981aa106f12cd8df508de4f2f284ee95b5f02ed87295d9c341e7a38
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43a9823afa13981031bd2cce47ff7997dfe68bfd182b3a82fb86100dbe4ff703
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39716E21B0C68381FBA8AB1AB464E791394AF55BC4F5441B1DD7F876EDDF2EE805A300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: strspn$strncmp
                                                                                                                                                                                                                                    • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Proc-Type:
                                                                                                                                                                                                                                    • API String ID: 1384302209-3505811795
                                                                                                                                                                                                                                    • Opcode ID: 398b3682302abd1cc3d8a4816504ce7b5e9254469f9c734eb94c0a305c6e8597
                                                                                                                                                                                                                                    • Instruction ID: bb1469b24fadb8bf7c0ff2ac0485280ee2c8e22a895e1844282604c68bd8149f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 398b3682302abd1cc3d8a4816504ce7b5e9254469f9c734eb94c0a305c6e8597
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF91B262F0E547C6E7159B11E860AB97760AF06788F444430DA7D87AFEDF2CE646C700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1765211018.00007FFDFB2B6000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1765211018.00007FFDFB2D2000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1765211018.00007FFDFB2D6000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Event$FileSource$ByteCharDeregisterHandleMultiRegisterReportTypeWideWrite__stdio_common_vsprintf__stdio_common_vswprintf
                                                                                                                                                                                                                                    • String ID: $OpenSSL$OpenSSL: FATAL$no stack?
                                                                                                                                                                                                                                    • API String ID: 2603057392-2963566556
                                                                                                                                                                                                                                    • Opcode ID: 4334f370b7a482bd35c4ecd3ae7f0d910e81077902a64c89114c2b2096981407
                                                                                                                                                                                                                                    • Instruction ID: d1c75f38a227a58cec964faaa5658b17c4c0777524d88d26cb45410293bbb099
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4334f370b7a482bd35c4ecd3ae7f0d910e81077902a64c89114c2b2096981407
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE91C472B1AB8385EB209F24D8605A97760FF49B98F444335EA6D47BE9EF38D155C300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7889400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7D78845E4,00000000,00007FF7D7881985), ref: 00007FF7D7889439
                                                                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7D78888A7,?,?,00000000,00007FF7D7883CBB), ref: 00007FF7D788821C
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7882810: MessageBoxW.USER32 ref: 00007FF7D78828EA
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                    • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                    • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                    • Opcode ID: 6fbdb188916104b0c2c5940302cfd80688c9116ecc918f500a0c860990a20752
                                                                                                                                                                                                                                    • Instruction ID: 88d4c0d6caf758423271abce4d14ff4e50a56a8a3b01d4d7abf8f540b50941a3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6fbdb188916104b0c2c5940302cfd80688c9116ecc918f500a0c860990a20752
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89515611A28A4281FB60FB25F9516BEEA91AF94780FC44433E50E876D5EF2CE5278770
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                    • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                    • Opcode ID: 0a87ee3060ec78e21d6c2d3bfc048a27d307e8fd5641d8a78f43b3b0b6daa239
                                                                                                                                                                                                                                    • Instruction ID: 445d0c52051886fccda54ad833663397db09f9ca17b5e6a979412c92e45a50cd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a87ee3060ec78e21d6c2d3bfc048a27d307e8fd5641d8a78f43b3b0b6daa239
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08518C61F0864392EA10BB21A5005AEEBA0BF44B94FD4453BEE4C47796EF3CF5668760
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Unicode_$CompareString$With$DeallocErr_Ready
                                                                                                                                                                                                                                    • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                                    • API String ID: 1067165228-3528878251
                                                                                                                                                                                                                                    • Opcode ID: c3d9b162d6dbcd275be07ca9095cd1207fb2a36ccd80a12ae7bc43f396df3e94
                                                                                                                                                                                                                                    • Instruction ID: 174c12c00a72a8f89e092c853ac5aad6dfa7d1c82b4cd260aa00d14bf15e3124
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3d9b162d6dbcd275be07ca9095cd1207fb2a36ccd80a12ae7bc43f396df3e94
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C417C21B0CA5385FB18AB15B860A3963A4BF49B85F8441B5DD7F467ECDF2EE4089310
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\rand\randfile.c$Filename=$i
                                                                                                                                                                                                                                    • API String ID: 0-1799673945
                                                                                                                                                                                                                                    • Opcode ID: 9b4ea193b028727d5cf33481ab8e51e1a79f6630d4abdc56d1a885e2ca4d3d0c
                                                                                                                                                                                                                                    • Instruction ID: efbdf2570d257ad73e6f563a35aa7a80ebb0b5968b78b3c356d20be42994e00d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b4ea193b028727d5cf33481ab8e51e1a79f6630d4abdc56d1a885e2ca4d3d0c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9519322F0EA4386F714AB16D860ABA2351EF85B48F404135E92D87AEDEF3DE505CB01
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Module_$Dealloc$ObjectObject_$Capsule_ConstantFromMallocMem_SpecStringTrackTypeType_
                                                                                                                                                                                                                                    • String ID: 14.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                                                    • API String ID: 288921926-1430584071
                                                                                                                                                                                                                                    • Opcode ID: b4b871b94da8d7920ef7550732a471604ce4383ed558fc79dca66d2a8fdf6cd7
                                                                                                                                                                                                                                    • Instruction ID: da8a3641cabdfe1f7fcfc01c869977126d4fcaeb4f875e851c205982b48be0d3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4b871b94da8d7920ef7550732a471604ce4383ed558fc79dca66d2a8fdf6cd7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A212821F09B0391FB5C7B25B8349782298AF49BD1B4850B4CD3F4ABECDE2EE4018311
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                    • String ID: P%
                                                                                                                                                                                                                                    • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                    • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                    • Instruction ID: 9e057fb6655104d884e4fdae38aa02a3369a243fea34d43133a6d0ad6b4d527a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F51D626604BA186D7249F26B4181BEFFA1FB98B61F404136EBDE43694DF3CD056DB20
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                    • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                    • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                    • Opcode ID: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                                                    • Instruction ID: cc8364af2a5679ac394ef1043d86dfb6d3cb9e6e7263871242b1bb35b42c3307
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2921A725B19A4282E745AB7AB95417DEF91FF88B90FD84132DE2D433D4DE2CD5A28320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Arg_Unicode_$ArgumentCheckDigitErr_PositionalReadyString
                                                                                                                                                                                                                                    • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                                    • API String ID: 3305933226-4278345224
                                                                                                                                                                                                                                    • Opcode ID: 7ce90af48709fe014995acaed7f918344bd35f146835d025cb8625cff732ed3b
                                                                                                                                                                                                                                    • Instruction ID: 76478946367f795311e94430b4e33d1d1467d455bb199f4dce4b738256054f63
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ce90af48709fe014995acaed7f918344bd35f146835d025cb8625cff732ed3b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF214B21B08A4391EB18AB61F860D792364EF54B99F8444B1CA3F476ECDF3EE449C310
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 349153199-0
                                                                                                                                                                                                                                    • Opcode ID: 2c308201996a5cd9458bfb49639c767029e53d7e8e3f334da12f105542d5c962
                                                                                                                                                                                                                                    • Instruction ID: da4043b5fd751de89070e52d89618c71de79bd4ec4643a2b307a21cc0d07073c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c308201996a5cd9458bfb49639c767029e53d7e8e3f334da12f105542d5c962
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A81A161F0C24386FB6CBB65B860A792290AF55780F5481B5E93F4B3DEDE3EE8458700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: atoi$strcmp
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\ts\ts_conf.c$accuracy$microsecs$millisecs$p$secs
                                                                                                                                                                                                                                    • API String ID: 4175852868-1596076588
                                                                                                                                                                                                                                    • Opcode ID: a354be8fb617e6a659b2ebe151350e266f0d4f90f2c91f9f87cda44e37b83124
                                                                                                                                                                                                                                    • Instruction ID: 518105b647d7d87f3093bf4b6eab41a0fc2c55184085da231013a7569a42b969
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a354be8fb617e6a659b2ebe151350e266f0d4f90f2c91f9f87cda44e37b83124
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93515F22F1A64796EB089B16A820DB97391BF48B9CF404635ED2E477FDDF3CE4458200
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindowwcsstr
                                                                                                                                                                                                                                    • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                                                                                                    • API String ID: 459917433-1672312481
                                                                                                                                                                                                                                    • Opcode ID: bc225b995bbff2d3b119e7081b5c779a5c3234c2f77d3222796a288c2c9d01dd
                                                                                                                                                                                                                                    • Instruction ID: 16d737f5fcccd7805bbf6819ab8f9bb0b67ae1a89de4f420872d90d010d76ffb
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc225b995bbff2d3b119e7081b5c779a5c3234c2f77d3222796a288c2c9d01dd
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A413221B0AB838AEB549F24D860AA92390EF49778F448735EA7D477F9DF2CE554D300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Arg_$ArgumentReadyUnicode_$CheckPositional
                                                                                                                                                                                                                                    • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                                    • API String ID: 396090033-184702317
                                                                                                                                                                                                                                    • Opcode ID: 4b9b00d64ef59d0ba6d0269f38227be165a8ac6e5f861fcdf13a617398f22c1f
                                                                                                                                                                                                                                    • Instruction ID: 6b5d4eecad1403d18a4670ec238f42b1b876105f134d3acd6eca8b6c21990206
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b9b00d64ef59d0ba6d0269f38227be165a8ac6e5f861fcdf13a617398f22c1f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55219421B18A8B81EB58AB15F860A742354AF45F98F5482B1D97F4B6ECCF2ED44AC300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    • Cannot add a column with non-constant default, xrefs: 00007FFDFB9B31FF
                                                                                                                                                                                                                                    • SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE quick_check GLOB 'CHECK*' OR quick_check GLOB 'NULL*', xrefs: 00007FFDFB9B34E1
                                                                                                                                                                                                                                    • SELECT raise(ABORT,%Q) FROM "%w"."%w", xrefs: 00007FFDFB9B318D, 00007FFDFB9B3209, 00007FFDFB9B3313
                                                                                                                                                                                                                                    • Cannot add a UNIQUE column, xrefs: 00007FFDFB9B3133
                                                                                                                                                                                                                                    • Cannot add a PRIMARY KEY column, xrefs: 00007FFDFB9B3118
                                                                                                                                                                                                                                    • UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q, xrefs: 00007FFDFB9B33AC
                                                                                                                                                                                                                                    • Cannot add a NOT NULL column with default value NULL, xrefs: 00007FFDFB9B31A5
                                                                                                                                                                                                                                    • cannot add a STORED column, xrefs: 00007FFDFB9B3304
                                                                                                                                                                                                                                    • Cannot add a REFERENCES column with non-NULL default value, xrefs: 00007FFDFB9B3183
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1766813955.00007FFDFB961000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFB960000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfb960000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memcpy
                                                                                                                                                                                                                                    • String ID: Cannot add a NOT NULL column with default value NULL$Cannot add a PRIMARY KEY column$Cannot add a REFERENCES column with non-NULL default value$Cannot add a UNIQUE column$Cannot add a column with non-constant default$SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE quick_check GLOB 'CHECK*' OR quick_check GLOB 'NULL*'$SELECT raise(ABORT,%Q) FROM "%w"."%w"$UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q$cannot add a STORED column
                                                                                                                                                                                                                                    • API String ID: 3510742995-3865411212
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                    • String ID: , value=$..\s\crypto\x509v3\v3_conf.c$/$ASN1:$DER:$critical,$name=
                                                                                                                                                                                                                                    • API String ID: 1114863663-1429737502
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: -$:$f$p$p
                                                                                                                                                                                                                                    • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: f$f$p$p$f
                                                                                                                                                                                                                                    • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                    • Opcode ID: e30da66bd449e278f4e1a8a1da43a6fc232ee02027dbecaf9a0becaf305aee32
                                                                                                                                                                                                                                    • Instruction ID: e903edafcb94b9032b31333cb5587abe6b12d5600d7416a2b459afcdf563ef8e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e30da66bd449e278f4e1a8a1da43a6fc232ee02027dbecaf9a0becaf305aee32
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D416E25E0865286EA10FB12A9006BEEB90BF44BC4FD44437ED0D47796EF3CE5278760
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastsetsockopt
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\bio\b_sock2.c$o
                                                                                                                                                                                                                                    • API String ID: 1729277954-1872632005
                                                                                                                                                                                                                                    • Opcode ID: 55b9dc58d84091389097999520ee8ef412c939128f98883080a21d6a8e2db22d
                                                                                                                                                                                                                                    • Instruction ID: 726555a9347522db3b976cac6bd21a2baf2cf28971e3772b71f566d27e6b9a4c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55b9dc58d84091389097999520ee8ef412c939128f98883080a21d6a8e2db22d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF51CE71B0954386E7209B21E824ABA7360FF89B48F440235EA6947AEDDF3DE545DB00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(?,?,00000000,00007FF7D7883CBB), ref: 00007FF7D78888F4
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7D7883CBB), ref: 00007FF7D78888FA
                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00007FF7D7883CBB), ref: 00007FF7D788893C
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888A20: GetEnvironmentVariableW.KERNEL32(00007FF7D788388E), ref: 00007FF7D7888A57
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7D7888A79
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D78982A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78982C1
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7882810: MessageBoxW.USER32 ref: 00007FF7D78828EA
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                    • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                    • Opcode ID: 6ea14b1c2d16789ddeaa0d8cc05df9935aa6d91fa7ad17376743f3d33dced37a
                                                                                                                                                                                                                                    • Instruction ID: a7dc5ded9c215b54bb3effc6ffcf8a63ab6c8bce662447b3babcf168d93c4b3c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ea14b1c2d16789ddeaa0d8cc05df9935aa6d91fa7ad17376743f3d33dced37a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F41A012A1865345FA20FB65B9552FE9A91AF88784FC40133ED0D877DAEE3CE5238320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: strcmpstrncmpstrtoul
                                                                                                                                                                                                                                    • String ID: MASK:$default$nombstr$pkix$utf8only
                                                                                                                                                                                                                                    • API String ID: 1175158921-3483942737
                                                                                                                                                                                                                                    • Opcode ID: 56a8b705b4d859711014d430f94cbbc3222095bc84f144be5c70752352c183a7
                                                                                                                                                                                                                                    • Instruction ID: 0cd949e9727490a846c1f975794456142ec17d3f22b9ac1dee1154138246c5e4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56a8b705b4d859711014d430f94cbbc3222095bc84f144be5c70752352c183a7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38312822F1E58382EB619B18E574BB93790EB46790F484232EA6F476F9DE1CE4D1C700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1766813955.00007FFDFB961000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFB960000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfb960000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memset
                                                                                                                                                                                                                                    • String ID: cannot open %s column for writing$cannot open table without rowid: %s$cannot open view: %s$cannot open virtual table: %s$foreign key$indexed$no such column: "%s"$out of memory
                                                                                                                                                                                                                                    • API String ID: 2221118986-554953066
                                                                                                                                                                                                                                    • Opcode ID: e49dea43c45aaa90a6615c274e303f42072f538a78cdb0473b6c7037b28f0a2d
                                                                                                                                                                                                                                    • Instruction ID: 69171f549a7bc43d94fe5b3fbf1f1222852583ed2d907d42b429b469555dbd4b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e49dea43c45aaa90a6615c274e303f42072f538a78cdb0473b6c7037b28f0a2d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9329C72B0AB8286EB94CF259460BBD77A4FB49B88F504136DA6D477A9DF38E450C700
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                    • API String ID: 849930591-393685449
                                                                                                                                                                                                                                    • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                                                    • Instruction ID: b67a9860166906beb532c3458a6d2dfcf16aecc93e8f207fdd1ef0b0002e5642
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ACD18132A0874186EB24AB65E4403ADBBA0FB45798FD4023BEE4D57B95DF38E462C711
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Fiber$Switch$CreateDeletememmove
                                                                                                                                                                                                                                    • String ID: *$..\s\crypto\async\async.c
                                                                                                                                                                                                                                    • API String ID: 81049052-1471988776
                                                                                                                                                                                                                                    • Opcode ID: 45ed66b5930bf60933b755cfe8a7e382ea8b76f9ffae6a6c42d777713411ddc7
                                                                                                                                                                                                                                    • Instruction ID: edc2a157bc0ab3ae9ae095b187677829d39a1b4cd6c78fab3cc0ca7898b562fd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45ed66b5930bf60933b755cfe8a7e382ea8b76f9ffae6a6c42d777713411ddc7
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49A18132B1AA4385EB24DF15E460A7973A0EF48B88F448435DAAE47BE9DF3DE445D700
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                                                    • String ID: a unicode character$argument$category
                                                                                                                                                                                                                                    • API String ID: 2803103377-2068800536
                                                                                                                                                                                                                                    • Opcode ID: 6816e9383461dec41916e3a7af37118872168313f5bb01175f575d9f70240281
                                                                                                                                                                                                                                    • Instruction ID: b0ab0e7a7f5772a72772eca4935c495561f5e172d806327b88910091208d4cab
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6816e9383461dec41916e3a7af37118872168313f5bb01175f575d9f70240281
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF51A161B0874281FB5C9B19E470A7963A1EF44B84F440175DABF477E8DF3EE8559300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF7D789F11A,?,?,000001C1D9FB9748,00007FF7D789ADC3,?,?,?,00007FF7D789ACBA,?,?,?,00007FF7D7895FAE), ref: 00007FF7D789EEFC
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF7D789F11A,?,?,000001C1D9FB9748,00007FF7D789ADC3,?,?,?,00007FF7D789ACBA,?,?,?,00007FF7D7895FAE), ref: 00007FF7D789EF08
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                    • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                    • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                                                    • Instruction ID: 5f085249255b769d1279714f2ad7945315fb52cd0bbb842ab9b371ac69564fdd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D941B022B19B1241EA15EB16980467DAFA1BF48B90FD8453FED1E47784EF3CF5268320
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7D7883706,?,00007FF7D7883804), ref: 00007FF7D7882C9E
                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7D7883706,?,00007FF7D7883804), ref: 00007FF7D7882D63
                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF7D7882D99
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                    • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                    • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                                                    • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                                    • API String ID: 2803103377-2110215792
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FromStringUnicode_$S_snprintfSizeSubtypeType_memcpy
                                                                                                                                                                                                                                    • String ID: $%04X
                                                                                                                                                                                                                                    • API String ID: 762632776-4013080060
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                                    • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                                    • API String ID: 3097524968-4001128513
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                                    • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                                    • API String ID: 3097524968-4202047184
                                                                                                                                                                                                                                    • Opcode ID: ba2f8eafb0e46a11cde2ff798d8c3219b4fccfe069238a392c7a683574401bae
                                                                                                                                                                                                                                    • Instruction ID: c16be9fe217b291e0c0c229bd820feaad231dc2f20c5630ef19ea9031d51267f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba2f8eafb0e46a11cde2ff798d8c3219b4fccfe069238a392c7a683574401bae
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B018850B48A8341EB5CBB25B86097423A0AF197A4F545171D93F476DDDF3ED8588300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFB02D000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memsetstrncpy
                                                                                                                                                                                                                                    • String ID: , failure codes: $, status text: $..\s\crypto\ts\ts_rsp_verify.c$status code: $unknown code$unspecified
                                                                                                                                                                                                                                    • API String ID: 388311670-2553778726
                                                                                                                                                                                                                                    • Opcode ID: 1336435c7df0643f7730deff0f9b3bface7ef05ccde09fbd125661e6099c26db
                                                                                                                                                                                                                                    • Instruction ID: f8e11c5337fdc8f8f0f8b19de0816dfe502e72a2b95baae54fa1ac559664c0d7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1336435c7df0643f7730deff0f9b3bface7ef05ccde09fbd125661e6099c26db
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C819022F0A68785FB54EB11A864AB96390FF89B8CF440135EA6D877E9DF3CE5058740
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1766813955.00007FFDFB961000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFB960000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfb960000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memcpy
                                                                                                                                                                                                                                    • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                                                    • API String ID: 3510742995-3555682073
                                                                                                                                                                                                                                    • Opcode ID: 4a0688e31470648bceec21596f29f92518aad1ba0adba597e5d673435d71e7c3
                                                                                                                                                                                                                                    • Instruction ID: e68b5a080a4ebadb07bc83495b77db486530ebf152be61d0d3e9c5018e2929b0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a0688e31470648bceec21596f29f92518aad1ba0adba597e5d673435d71e7c3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C181E322B0A6C24ADB208F259594A7E7BE1FB40B84F488136DF99477A9DF3CE459C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: strchr$memmove
                                                                                                                                                                                                                                    • String ID: characters$ to $..\s\crypto\ui\ui_lib.c$You must type in
                                                                                                                                                                                                                                    • API String ID: 1080442166-3422546668
                                                                                                                                                                                                                                    • Opcode ID: 04da4882716858aa5320061ea65a837de683310bda4873f6425a5e0001cb9526
                                                                                                                                                                                                                                    • Instruction ID: b1c593a37d662413a20d4cb2cd14d954db41da089cd57224eef99c7668c3352d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04da4882716858aa5320061ea65a837de683310bda4873f6425a5e0001cb9526
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4751BC63F0A68286EB248F25D820AB93760FB45B5CF004232EA6D076EDDF3DE944C750
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _stricmpstrchrstrncmp
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\store\store_lib.c$T$file
                                                                                                                                                                                                                                    • API String ID: 3017659097-909561481
                                                                                                                                                                                                                                    • Opcode ID: 4a4ee439759501d262f3f184b4fa727c6e616cb67e93a5a3c3501da3a594c7ef
                                                                                                                                                                                                                                    • Instruction ID: 282795b0784997292c9fbbeb9194298a2ad248a1024be5bdb2fa944f4c70ee80
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a4ee439759501d262f3f184b4fa727c6e616cb67e93a5a3c3501da3a594c7ef
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56418332B1AA4786EB15DB11E8609A973A0FF48B98F448135EE5D4B7A9EF3CE505C700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7D788DFEA,?,?,?,00007FF7D788DCDC,?,?,?,00007FF7D788D8D9), ref: 00007FF7D788DDBD
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7D788DFEA,?,?,?,00007FF7D788DCDC,?,?,?,00007FF7D788D8D9), ref: 00007FF7D788DDCB
                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7D788DFEA,?,?,?,00007FF7D788DCDC,?,?,?,00007FF7D788D8D9), ref: 00007FF7D788DDF5
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF7D788DFEA,?,?,?,00007FF7D788DCDC,?,?,?,00007FF7D788D8D9), ref: 00007FF7D788DE63
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF7D788DFEA,?,?,?,00007FF7D788DCDC,?,?,?,00007FF7D788D8D9), ref: 00007FF7D788DE6F
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                    • Opcode ID: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                                                    • Instruction ID: c711669c57d1ffdabbb983ba8bc5481300c28fe90fa6a14560c12d37af139433
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A319421B1A64291EE55BB12B80057DAB94FF58BA0FD94637ED2D47380EF3CE4668330
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _chmod_stat64i32fclosefwrite
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\rand\randfile.c$Filename=
                                                                                                                                                                                                                                    • API String ID: 4260490851-2201148535
                                                                                                                                                                                                                                    • Opcode ID: 6b3b0f7a3795f012e9ff1fc1ebc767fdf81fc92d56402ad81cac52365df12dad
                                                                                                                                                                                                                                    • Instruction ID: ce0eb4cfa585563484df3203a0f5feae6cf441ccd836eaf7edff1d64154cd4c6
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b3b0f7a3795f012e9ff1fc1ebc767fdf81fc92d56402ad81cac52365df12dad
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2315E62F0A64782E7149B12E864AAA7351EF49798F404135EA6D87AEDEF3CE604C700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7D788351A,?,00000000,00007FF7D7883F23), ref: 00007FF7D7882AA0
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                    • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                    • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                                    • Instruction ID: 17a783887c499944f2c20773e82e66c77efef6f1cf65414f5503f6f1c81b4fad
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71219232A1878192E720EB51B8817EAABA4FB887D4FC00137FE8D53659DF3CD6568750
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 995526605-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                    • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                                    • API String ID: 3545102714-2385192657
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                    • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                                    • API String ID: 3545102714-4190364640
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                    • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                                    • API String ID: 3545102714-2474051849
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                    • String ID: CONOUT$
                                                                                                                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF7D7889216), ref: 00007FF7D7888592
                                                                                                                                                                                                                                    • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF7D7889216), ref: 00007FF7D78885E9
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7889400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7D78845E4,00000000,00007FF7D7881985), ref: 00007FF7D7889439
                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7D7889216), ref: 00007FF7D7888678
                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7D7889216), ref: 00007FF7D78886E4
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF7D7889216), ref: 00007FF7D78886F5
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF7D7889216), ref: 00007FF7D788870A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3462794448-0
                                                                                                                                                                                                                                    • Opcode ID: b2770b171440e78660be4c91fda42c27049aa369c6710ced6bdf6821ec2ad01d
                                                                                                                                                                                                                                    • Instruction ID: 3180cf2dd765df79de39f83a0281cf87ecf550339177bf04b1e39b7dae40b361
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b2770b171440e78660be4c91fda42c27049aa369c6710ced6bdf6821ec2ad01d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2641A522B1869241EA30BB11B5446AEABA4FB44BC4FC44137DE4D97B89DF3CD552C720
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                    • String ID: ASN1:$DER:$critical,
                                                                                                                                                                                                                                    • API String ID: 1114863663-369496153
                                                                                                                                                                                                                                    • Opcode ID: d8eae108aa50e8ee9f405d161ab28d2f521657fe406e3845ac9384fbb0e87803
                                                                                                                                                                                                                                    • Instruction ID: 410a2e152d5139d3338f0749db2a690d6a97720c838731fa15cc5bf648a7be3a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8eae108aa50e8ee9f405d161ab28d2f521657fe406e3845ac9384fbb0e87803
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA41D0A2F0938701FB545B26A920FBA26A1AF18BDCF144130ED7D47AEDEE3CE4008704
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                    • String ID: ASN1:$DER:$critical,
                                                                                                                                                                                                                                    • API String ID: 1114863663-369496153
                                                                                                                                                                                                                                    • Opcode ID: 5f78d842faca65497d7e082e34e1eaa76c99826f4a218ee81ef128562e321c64
                                                                                                                                                                                                                                    • Instruction ID: 3f06dfaf0b6d91576e18dda55198b58851d26a53c2afd507ec223825a32ffbf8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f78d842faca65497d7e082e34e1eaa76c99826f4a218ee81ef128562e321c64
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F841BE62F1A68741EB549F26B820FB96691AF08B98F489134ED6E47BEDDE3CD4058700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: GetCurrentProcess.KERNEL32 ref: 00007FF7D7888780
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: OpenProcessToken.ADVAPI32 ref: 00007FF7D7888793
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: GetTokenInformation.ADVAPI32 ref: 00007FF7D78887B8
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: GetLastError.KERNEL32 ref: 00007FF7D78887C2
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: GetTokenInformation.ADVAPI32 ref: 00007FF7D7888802
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7D788881E
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D7888760: CloseHandle.KERNEL32 ref: 00007FF7D7888836
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF7D7883C55), ref: 00007FF7D788916C
                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF7D7883C55), ref: 00007FF7D7889175
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                    • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                    • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B347
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B37D
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B3AA
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B3BB
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B3CC
                                                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF7D7894F81,?,?,?,?,00007FF7D789A4FA,?,?,?,?,00007FF7D78971FF), ref: 00007FF7D789B3E7
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFB02D000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: getnameinfohtonsmemset
                                                                                                                                                                                                                                    • String ID: $..\s\crypto\bio\b_addr.c
                                                                                                                                                                                                                                    • API String ID: 165288700-1606403076
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7D7881B6A), ref: 00007FF7D788295E
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                    • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                    • String ID: Unhandled exception in script
                                                                                                                                                                                                                                    • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7D788918F,?,00007FF7D7883C55), ref: 00007FF7D7882BA0
                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF7D7882C2A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                    • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                    • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7D7881B99), ref: 00007FF7D7882760
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                    • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                    • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                                    • String ID: not a numeric character
                                                                                                                                                                                                                                    • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                                    • String ID: not a decimal
                                                                                                                                                                                                                                    • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                                                    • String ID: a unicode character$argument$decomposition
                                                                                                                                                                                                                                    • API String ID: 1875788646-2471543666
                                                                                                                                                                                                                                    • Opcode ID: c9e2a8fafb7eaabc8ce54b90bcbd4c8431e8ff05347b5cd5a391dbc2c38b81b4
                                                                                                                                                                                                                                    • Instruction ID: dd650730c5569a79960291c85f0c8ed1392429af48838937020b194a0d79ae34
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9e2a8fafb7eaabc8ce54b90bcbd4c8431e8ff05347b5cd5a391dbc2c38b81b4
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3001D661B08A4791EB5CAB11B4609792350EF05BA8F545171D93F076DCEF3DD4899300
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                                                    • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                                                    • API String ID: 1875788646-3913127203
                                                                                                                                                                                                                                    • Opcode ID: c193b0b3b5e4cb018d0ccc4ca1fb91a358a71c372149ac242ac32dc57928e9ca
                                                                                                                                                                                                                                    • Instruction ID: d3cee696f9518a2c7e5243027964db20d8f64ca23a80c437775b19fd8aa0f0e3
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c193b0b3b5e4cb018d0ccc4ca1fb91a358a71c372149ac242ac32dc57928e9ca
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3501D160B08B8346EB5CAB51B460EB52360AF49BA4F4451B1DD7F0B6DCEF3ED4988300
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                                    • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                                    • API String ID: 3673501854-3989975041
                                                                                                                                                                                                                                    • Opcode ID: 7b512d6efe02e1dc27478fa8e2cd1b8da7ed1a336de638e7eff3fef020cc4c20
                                                                                                                                                                                                                                    • Instruction ID: 5fc37ace78a584503dac1aff281c004ee4930de6c94079d5e892c4c3957f368f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b512d6efe02e1dc27478fa8e2cd1b8da7ed1a336de638e7eff3fef020cc4c20
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15F01920B09B4391EB49AB11B86087423A8BF18B81F8410B2C87F063ECEF3EE0448310
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                    • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                    • Instruction ID: d0ab9f94d0ee6f37a71596f1683fd49e663751ad143aaedd2d4543e5441b0024
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AFF04F21A0960681EB10AB24A49577EEF60AF89761FD40236D66E475E4DF2CE056C320
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: $$..\s\crypto\rsa\rsa_sign.c
                                                                                                                                                                                                                                    • API String ID: 0-1864662394
                                                                                                                                                                                                                                    • Opcode ID: 3063dcca6a002b1abc7fc56ed8c52ca578cd39632aa0d54356f23b61f08745ba
                                                                                                                                                                                                                                    • Instruction ID: ea7bbb5e909840aa8ba0727f57766de6f2d3eab938f877d7ddbd62cbfe7ea6fd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3063dcca6a002b1abc7fc56ed8c52ca578cd39632aa0d54356f23b61f08745ba
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5891C022F0A6878AE7209B159460B79A392FB59788F004131EAAD47BEEDF7CE541C700
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memmove
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\pem\pem_lib.c$;$Enter PEM pass phrase:
                                                                                                                                                                                                                                    • API String ID: 2162964266-3733131234
                                                                                                                                                                                                                                    • Opcode ID: cd38e328b997667744c1706e487c666578dc2542a510621b81c4d5bbb33f039a
                                                                                                                                                                                                                                    • Instruction ID: af4d72ef33559c8992428b7925cd6fa99180617da7dfda80da6435659da6b7ae
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd38e328b997667744c1706e487c666578dc2542a510621b81c4d5bbb33f039a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C719462B1968386E720DB51E860BAA7350FF897ACF400235EA6D47ADDDF3DD641CB40
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                                                                                                                    • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                    • Instruction ID: 22e1d1a21e8daf93fde11616e6463597eedd8869a8d611876273d15b2d7a8d76
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1811A372E5DB2301F7543124D79637DBA446F59374FC40636EB6E062D6CE2CA9634124
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF7D789A613,?,?,00000000,00007FF7D789A8AE,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789B41F
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D789A613,?,?,00000000,00007FF7D789A8AE,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789B43E
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D789A613,?,?,00000000,00007FF7D789A8AE,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789B466
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D789A613,?,?,00000000,00007FF7D789A8AE,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789B477
                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7D789A613,?,?,00000000,00007FF7D789A8AE,?,?,?,?,?,00007FF7D789A83A), ref: 00007FF7D789B488
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                    • Opcode ID: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                                                    • Instruction ID: 0143507d56e0f2fc7bbbd09d1560a91e7048d2e24007f3492d2f68a975ca4698
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71117C20A0C70246FA98B3219A5117DED465F847B0FD8833AE87E57AD6DF2CB4239321
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                    • Opcode ID: 8aa69c65082f5ed190463b1c2d732539134b8ecb86da000f77e4666776fecf75
                                                                                                                                                                                                                                    • Instruction ID: 5a76e6b6a2dadf4590e743ab2f81201f0a762d35159719b29c8fc27b2f168616
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8aa69c65082f5ed190463b1c2d732539134b8ecb86da000f77e4666776fecf75
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24112A20E0930746FAA8B361881117D9D854F85730FD4873AD93E5A6C2DF2CB8239232
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: verbose
                                                                                                                                                                                                                                    • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                    • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                    • Instruction ID: e87e453b43ddad1751ba9dcd0241515f715135945da029e8a474d004ca6c1c96
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2991BD32B08A4685E761AF64D8503BDBB91AB40B94FC44137DA9E473C5DF3CF4268322
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                    • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                    • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                    • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\async\async.c$T
                                                                                                                                                                                                                                    • API String ID: 0-2182492907
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\bio\b_sock.c$J$host=
                                                                                                                                                                                                                                    • API String ID: 0-1729655730
                                                                                                                                                                                                                                    • Opcode ID: 31c7aae0c6204fcaae541c015ea13e20bcfa82d779c5bb0f8b846d03ff15bf19
                                                                                                                                                                                                                                    • Instruction ID: c2d7ed92b78a2590f20a8821dcc0009e25bd7a3ae010c90e21ef5be138c6e2ef
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 31c7aae0c6204fcaae541c015ea13e20bcfa82d779c5bb0f8b846d03ff15bf19
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66318F32B0858282EB149B55E4609A9A360FF89798F440535FBAC47BEEDF3DE5448B00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(00000000,?,00007FF7D788352C,?,00000000,00007FF7D7883F23), ref: 00007FF7D7887F22
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CreateDirectory
                                                                                                                                                                                                                                    • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                    • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                    • Opcode ID: 517c45005fecb665460f06d6deeb7a52b86fc8f3bacaeb8cdec2a0b3fdaf0698
                                                                                                                                                                                                                                    • Instruction ID: ba754ac9cf7c17151ad964a07cbafa876519686990405ff0f88b3df026fb2819
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 517c45005fecb665460f06d6deeb7a52b86fc8f3bacaeb8cdec2a0b3fdaf0698
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5731B621A19AC145EB21AB21F4507AEA764EF84BE4FC40232EE6D47BC9DE3CD6528710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                    • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                    • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                    • Opcode ID: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                                                    • Instruction ID: 9dbcc1d40d3c2ec33d2bf62fa1f3def77b08a5710001b73f4eaa28db95a613ee
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2219F62B08B4182E710AB54B9447EEABA4FB88784FC00137EA8D93659DF3CD266C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON311(?,?,?,?,?,00007FFDFAE71EAC), ref: 00007FFDFAE73B27
                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFAE71FA0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAE71FD8
                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFAE71FA0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAE71FF6
                                                                                                                                                                                                                                    • PyErr_Format.PYTHON311 ref: 00007FFDFAE71F23
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                                                    • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                                    • API String ID: 3882229318-4056717002
                                                                                                                                                                                                                                    • Opcode ID: b98d6f379e37c6626a706c45c6f16680869db59c760aa045eb682f6abe69d443
                                                                                                                                                                                                                                    • Instruction ID: 9d476962ecef6dd321b7a9f2ef2a050d301a36a4474a40c61bc0487bf70f8fa4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b98d6f379e37c6626a706c45c6f16680869db59c760aa045eb682f6abe69d443
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00111F65B18A4781EB08AB18F4A4AB86365FF98749F840471CA3F462F8DF6ED54AC710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastsocket
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\bio\b_sock2.c$2
                                                                                                                                                                                                                                    • API String ID: 1120909799-2051290508
                                                                                                                                                                                                                                    • Opcode ID: 2ef5472a3713315c0ebdeb3789e1964bedc6f77517e54092a2e54a431cd722de
                                                                                                                                                                                                                                    • Instruction ID: 78d569befe2709892f80c42ccfd0d3885cabb83139e6b6f1bc34b3a0d4e639cf
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ef5472a3713315c0ebdeb3789e1964bedc6f77517e54092a2e54a431cd722de
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF018031B1959382E7209B25E8109AD7264FF49768F604235FA7D47AEDCF3DE941C740
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memset
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\sm2\sm2_crypt.c$@
                                                                                                                                                                                                                                    • API String ID: 2221118986-485510600
                                                                                                                                                                                                                                    • Opcode ID: 73d515558a6ea1061c9dfbb1edc816eb1e10a5784d156248db651bcc855363fc
                                                                                                                                                                                                                                    • Instruction ID: c3082477cce8fd11bc29b38966c75f7abe37712e98647a6a7c9f6c10d8da2877
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73d515558a6ea1061c9dfbb1edc816eb1e10a5784d156248db651bcc855363fc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB02A432B0968381EB14DB16E4209AE6760FF95B98F504235EEAD47BE9DF3DD509CB00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2718003287-0
                                                                                                                                                                                                                                    • Opcode ID: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                                                    • Instruction ID: 29a31c3dac5265024d79281ea30821b6fdeb0d621a2bbe98ee9ca0829a408b7f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3D1D172B18A818AE710DF75D4401ACBBA1FB44798BC48227DE5E97B99DF39E027C350
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: )$..\s\crypto\evp\p5_crpt.c
                                                                                                                                                                                                                                    • API String ID: 0-3563398421
                                                                                                                                                                                                                                    • Opcode ID: 7b601fa9f3557c5b837c5acffd922e01e82c41c63bf638c72a9ed807f20a69b8
                                                                                                                                                                                                                                    • Instruction ID: 7accd8ccd2925e2debdb0e2c8c60eee929f4258e98d37faed4fda819204ec2b7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b601fa9f3557c5b837c5acffd922e01e82c41c63bf638c72a9ed807f20a69b8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0591C722F1D28395EB64DB11D820ABA6754EF85798F446232E97D4BAEDDF3CE501CB00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7D789CFBB), ref: 00007FF7D789D0EC
                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7D789CFBB), ref: 00007FF7D789D177
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 953036326-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1766813955.00007FFDFB961000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFB960000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfb960000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memcpy
                                                                                                                                                                                                                                    • String ID: AND $<expr>$rowid
                                                                                                                                                                                                                                    • API String ID: 3510742995-4041574714
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                                    • String ID: Operation not permitted$unknown
                                                                                                                                                                                                                                    • API String ID: 1452528299-31098287
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                    • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                                    • API String ID: 1114863663-87138338
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4170891091-0
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memmove
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\ct\ct_oct.c
                                                                                                                                                                                                                                    • API String ID: 2162964266-1972679481
                                                                                                                                                                                                                                    • Opcode ID: c80aa2b72bc9495c54993b01d5c812eeadbc183eb9979e83b6fcbd401a36e4a0
                                                                                                                                                                                                                                    • Instruction ID: d38a2c53eaf11fbafe4488456ddc54b85f84a29133953d29dd429ff91bb7592a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c80aa2b72bc9495c54993b01d5c812eeadbc183eb9979e83b6fcbd401a36e4a0
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5071B562B0A6C289E715CF25842057C3B70EB19B4CF144276DEAD077EEDE2CE656D700
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFB02D000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: strncmp
                                                                                                                                                                                                                                    • String ID: content-type
                                                                                                                                                                                                                                    • API String ID: 1114863663-3266185539
                                                                                                                                                                                                                                    • Opcode ID: 00316a889f48f2dd79bce5b857953a1be8f39353a5621b6231b7732f46011b4e
                                                                                                                                                                                                                                    • Instruction ID: 4777ff3175538cb433b7d44d86f97bfc17a17b9deca136342f7dbc0fba1a11c5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00316a889f48f2dd79bce5b857953a1be8f39353a5621b6231b7732f46011b4e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B151E762F0E64381FB649716D970F7A62A1AF467A8F446234EE7D476EDDE2CE6018300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1766813955.00007FFDFB961000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFB960000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfb960000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memset
                                                                                                                                                                                                                                    • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                                                    • API String ID: 2221118986-3555682073
                                                                                                                                                                                                                                    • Opcode ID: 4e958a3d1a49056a62e5f39a704eedca47805cc12720ed27c9ea3e75a25f6360
                                                                                                                                                                                                                                    • Instruction ID: eb90cfb82a52fba5801fa3df322ab0353598ff015c0797958c9b2b06dca4c9d0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e958a3d1a49056a62e5f39a704eedca47805cc12720ed27c9ea3e75a25f6360
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E251977270AB4296EB54CF26E590A697BE4FB48B84F644032DF6D437A9EF38E455C300
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                                                                                                                    • Opcode ID: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                                                    • Instruction ID: cfc9da995804ac23d5539b8dc3688c7dff632dcb2ae07d0454b6cc4dc12ea8e1
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8518022E086418AFB10EF71E4513BDABB1BB48B58FD44536DE4D57A89DF38E462C720
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1766813955.00007FFDFB961000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFB960000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfb960000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: %s at line %d of [%.10s]$d402f49871152670a62f4f28cacb15d814f2c1644e9347ad7d258e562978e45e$database corruption
                                                                                                                                                                                                                                    • API String ID: 0-3555682073
                                                                                                                                                                                                                                    • Opcode ID: 8670adbfeb189532df9b910559b8b63d21372918f7f2358b62d07d908cf0f46b
                                                                                                                                                                                                                                    • Instruction ID: 81caa74a9d8105b3b6ba2c949bd176a7148deaa1585888824486b4e377941356
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8670adbfeb189532df9b910559b8b63d21372918f7f2358b62d07d908cf0f46b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D31BF7660A7C289D708CF39D0A047D7BA1E751B44B04813AEFA94B3ADEB3CD559C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: strcmp
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\pem\pem_pkey.c$DH PARAMETERS$X9.42 DH PARAMETERS
                                                                                                                                                                                                                                    • API String ID: 1004003707-3633731555
                                                                                                                                                                                                                                    • Opcode ID: 206be129debcac2a41237a69353c9bccba0cedb93cf01b7063e6a005a7104eb5
                                                                                                                                                                                                                                    • Instruction ID: e14ccfc93be2fa204a71a0d7633d3f0b466e54a7775bb3354634a05c0163c0f4
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 206be129debcac2a41237a69353c9bccba0cedb93cf01b7063e6a005a7104eb5
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2821A622B09687C1EF10DB55E8209A96360FF89798F444171EA6C47BEDDF7DD244CB00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1956198572-0
                                                                                                                                                                                                                                    • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                    • Instruction ID: 9e1fbcf427df40f09c2cc04d7a6937eeba1dc7737a47cd3885ea31a0e65f2ae5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B11A925F1C15242F754A769F94427DDF92EF84790FD44032DB4907B99CD3DE4E68210
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                    • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                                                    • Instruction ID: 02ac6c4dd74e2fe7813f280f65592ea4c3fd970580f40de278ac318188a729ac
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6114F26B14B0589EB00DB60E8542AD7BB4FB19758F841E36DA1D47764DF38D1668350
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763738428.00007FFDFA681000.00000020.00000001.01000000.00000028.sdmp, Offset: 00007FFDFA680000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfa680000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                    • Opcode ID: 482ef674be31a355f0017e669e564cf40bbc9000a1cd375260d82ff325400f61
                                                                                                                                                                                                                                    • Instruction ID: b66ae6866243a63602bc83a9f01c7363cd49951b09383a6a59203ac03fe69067
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 482ef674be31a355f0017e669e564cf40bbc9000a1cd375260d82ff325400f61
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94112A26B14F068AEB04DF61E8646BC33B4FB19758F441E31EE6D467A8EF78D5648340
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: ?
                                                                                                                                                                                                                                    • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                    • Opcode ID: 8108d8be77440c3e9c62f2a415d3a3f63afd5a4d850aaf976d1496cecaf540be
                                                                                                                                                                                                                                    • Instruction ID: f23e559286857582bb11b55ed0cab42d82d53a3a04631e768f8f5e0d2236ecbf
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8108d8be77440c3e9c62f2a415d3a3f63afd5a4d850aaf976d1496cecaf540be
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D941EB12A0878145FB24A715A54637DDE50EB90BA4FD44237EE5D06AD9DF3CD4A3C710
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _time64
                                                                                                                                                                                                                                    • String ID: %02d%02d%02d%02d%02d%02dZ$%04d%02d%02d%02d%02d%02dZ
                                                                                                                                                                                                                                    • API String ID: 1670930206-2648760357
                                                                                                                                                                                                                                    • Opcode ID: 2a3bc1689ddc0f887af3b9ff0742d7664fa732a47decfc4233859a34b1d629f8
                                                                                                                                                                                                                                    • Instruction ID: 81bb2838c13b7804eee914d573e1cc6d572383913310e69a1826b3a5d7722b0e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a3bc1689ddc0f887af3b9ff0742d7664fa732a47decfc4233859a34b1d629f8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F516132B097828AE764DF15E450A6AB7A0FB89754F045135EA9D87BADDF3CE4808B00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: getaddrinfo
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\bio\b_addr.c
                                                                                                                                                                                                                                    • API String ID: 300660673-2547254400
                                                                                                                                                                                                                                    • Opcode ID: a0b5319feac94952a1432a4b762969270d9d630226e0b1293bfa37404cbb0f4b
                                                                                                                                                                                                                                    • Instruction ID: 4917cbacc0658806b18a118abebb58590457c8cf989f533976c087795dd4fe42
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0b5319feac94952a1432a4b762969270d9d630226e0b1293bfa37404cbb0f4b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C41C772B1968387E7549B22A860ABD7350FB85744F004235FAAA47FE9DF3CD445DB00
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D78990B6
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9CE
                                                                                                                                                                                                                                      • Part of subcall function 00007FF7D789A9B8: GetLastError.KERNEL32(?,?,?,00007FF7D78A2D92,?,?,?,00007FF7D78A2DCF,?,?,00000000,00007FF7D78A3295,?,?,?,00007FF7D78A31C7), ref: 00007FF7D789A9D8
                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7D788CC15), ref: 00007FF7D78990D4
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop\pbz3swuapf.exe
                                                                                                                                                                                                                                    • API String ID: 3580290477-1877677919
                                                                                                                                                                                                                                    • Opcode ID: 2cf9991d5cc0f55d4af5251d222b056ff2fa25707e1fd1ed9fb4097698885552
                                                                                                                                                                                                                                    • Instruction ID: 5abefe2f665dbdcc2e5779e7fc6f1f120c96937eb89a721e270fcc25790c2b2d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cf9991d5cc0f55d4af5251d222b056ff2fa25707e1fd1ed9fb4097698885552
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76415032A08B52CAE714BF2598910BDABA4FB847D0BD54037E94D43B85DF3CE4A28360
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                                    • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                    • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastgetsockname
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                                                                    • API String ID: 566540725-540685895
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1763595857.00007FF7D7881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D7880000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff7d7880000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                    • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                                    • String ID: no such name
                                                                                                                                                                                                                                    • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                                    • Opcode ID: 6bdcbe24128af695ee13844c88defaff06e477b9c7bc45880a5b3057e8584fa3
                                                                                                                                                                                                                                    • Instruction ID: 4a022c5a23f1aa5811c9e30c9b3858cdf91cd13de98c77bd4b7032ae56be2c0d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6bdcbe24128af695ee13844c88defaff06e477b9c7bc45880a5b3057e8584fa3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0011D71B19A4681FB68AB11F870BB523A4FF98B49F440471DA7F4A6D8DF3DE1498600
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFAF91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ErrorLastioctlsocket
                                                                                                                                                                                                                                    • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                                                                    • API String ID: 1021210092-540685895
                                                                                                                                                                                                                                    • Opcode ID: 4b3498a1bc9275628b4fed3f0116b26741c55f820a8da06fdf06bba4b20f0e59
                                                                                                                                                                                                                                    • Instruction ID: 8848e5e693536719f59767bc84d18cc42186bc2894e9133d23330501548ff5fb
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b3498a1bc9275628b4fed3f0116b26741c55f820a8da06fdf06bba4b20f0e59
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBE06561B2A11346E7256B61D824FAA2210AF08309F000230E93D86AE9DF3DB2598A10
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _PyObject_GC_New.PYTHON311(?,?,00000000,00007FFDFAE72503), ref: 00007FFDFAE72586
                                                                                                                                                                                                                                    • PyObject_GC_Track.PYTHON311(?,?,00000000,00007FFDFAE72503), ref: 00007FFDFAE725B8
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764467804.00007FFDFAE71000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAE70000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfae70000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Object_$Track
                                                                                                                                                                                                                                    • String ID: 3.2.0
                                                                                                                                                                                                                                    • API String ID: 16854473-1786766648
                                                                                                                                                                                                                                    • Opcode ID: 85fe6a6fc5e27b6f3d55999748cc855208ab5bc5396b460fb55a1e4e320e2c5a
                                                                                                                                                                                                                                    • Instruction ID: 4492c360790864c626dc50a79fc62f116eacf0cc1c644b05e5debe7fd059a68a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85fe6a6fc5e27b6f3d55999748cc855208ab5bc5396b460fb55a1e4e320e2c5a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2E07D25B05F0695EB19AB51B86446823A8FF0C745B540575CD7E023E8FF3EE195C760
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • memchr.VCRUNTIME140(00007FFDFB1CAFEB,00000000,?,00000000,00007FFDFB1CA289), ref: 00007FFDFB1CB1BB
                                                                                                                                                                                                                                    • memchr.VCRUNTIME140(00007FFDFB1CAFEB,00000000,?,00000000,00007FFDFB1CA289), ref: 00007FFDFB1CB203
                                                                                                                                                                                                                                    • memchr.VCRUNTIME140(00007FFDFB1CAFEB,00000000,?,00000000,00007FFDFB1CA289), ref: 00007FFDFB1CB21D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1764737281.00007FFDFB02D000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFAF90000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffdfaf90000_pbz3swuapf.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: memchr
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3297308162-0