Windows Analysis Report
builded.exe

Overview

General Information

Sample name: builded.exe
Analysis ID: 1591683
MD5: 16a4f448219d7e20a80612d03a0a0f5c
SHA1: 4e86a64e2d2df2b6303cc0bcfae8d2feab157e03
SHA256: c897f350c048329e77eae707fcf6ee75a6a18d75068927005ee1e8450009b394
Tags: exe, python, user-zhuzhu0009
Infos:

Detection

Python Stealer, CStealer
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected CStealer
AI detected suspicious sample
Potentially malicious time measurement code found
Yara detected Generic Python Stealer
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • builded.exe (PID: 4744 cmdline: "C:\Users\user\Desktop\builded.exe" MD5: 16A4F448219D7E20A80612D03A0A0F5C)
    • builded.exe (PID: 6496 cmdline: "C:\Users\user\Desktop\builded.exe" MD5: 16A4F448219D7E20A80612D03A0A0F5C)
      • cmd.exe (PID: 2924 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
DynamicStealer | Dynamic Stealer is a GitHub project written in C# by L1ghtN4n. This code collects passwords and uploads them to Telegram. According to Cyble, Eternity Stealer leverages code from this project, and Jester Stealer could also be rebranded from it. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.dynamicstealer
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CStealer | Yara detected CStealer | Joe Security |
Process Memory Space: builded.exe PID: 6496 | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
Process Memory Space: builded.exe PID: 6496 | JoeSecurity_CStealer | Yara detected CStealer | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

          AV Detection

          Source: https://discord.gift/, Avira URL Cloud: Label: malware
          Source: builded.exe, Virustotal: Detection: 43%
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 93.3% probability
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171A05 CRYPTO_zalloc,memcpy,memcpy,memcpy,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,2_2_00007FF8B6171A05
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171069 CRYPTO_free,2_2_00007FF8B6171069
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61C3020 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,2_2_00007FF8B61C3020
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6172383 CRYPTO_malloc,2_2_00007FF8B6172383
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617177B EVP_MD_CTX_new,EVP_PKEY_new_raw_private_key,EVP_sha256,EVP_DigestSignInit,EVP_DigestSign,EVP_MD_CTX_free,EVP_PKEY_free,CRYPTO_memcmp,_time64,EVP_MD_CTX_free,EVP_PKEY_free,EVP_MD_CTX_free,EVP_PKEY_free,2_2_00007FF8B617177B
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171047 EVP_PKEY_free,BN_num_bits,BN_bn2bin,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FF8B6171047
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61DD0B0 SRP_Calc_u,BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free,2_2_00007FF8B61DD0B0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171398 EVP_MD_CTX_new,EVP_PKEY_new,EVP_PKEY_assign,EVP_PKEY_security_bits,DH_free,EVP_PKEY_get0_DH,EVP_PKEY_free,DH_get0_key,EVP_PKEY_get1_tls_encodedpoint,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,EVP_PKEY_size,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,CRYPTO_free,EVP_MD_CTX_free,2_2_00007FF8B6171398
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617115E OPENSSL_LH_insert,OPENSSL_LH_retrieve,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,2_2_00007FF8B617115E
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B618CD10 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,2_2_00007FF8B618CD10
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617163B CRYPTO_free,CRYPTO_malloc,2_2_00007FF8B617163B
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61CAD6C CRYPTO_free,CRYPTO_memdup,2_2_00007FF8B61CAD6C
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6172207 ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,OPENSSL_LH_new,OPENSSL_sk_num,EVP_get_digestbyname,EVP_get_digestbyname,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,RAND_bytes,RAND_priv_bytes,RAND_priv_bytes,RAND_priv_bytes,2_2_00007FF8B6172207
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61BAD40 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,2_2_00007FF8B61BAD40
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61DCDA0 BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free,CRYPTO_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,2_2_00007FF8B61DCDA0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61B0DE0 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8B61B0DE0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B619CDC0 ERR_put_error,ERR_put_error,ERR_put_error,EVP_MD_size,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,d2i_X509,X509_get0_pubkey,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_put_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_put_error,ERR_put_error,2_2_00007FF8B619CDC0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6186DD7 CRYPTO_free,CRYPTO_strdup,2_2_00007FF8B6186DD7
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171078 CRYPTO_free,2_2_00007FF8B6171078
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171410 CRYPTO_malloc,ERR_put_error,BIO_snprintf,2_2_00007FF8B6171410
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6172306 CRYPTO_memcmp,memchr,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,2_2_00007FF8B6172306
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171E24 CRYPTO_malloc,2_2_00007FF8B6171E24
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6186EA3 CRYPTO_free,CRYPTO_strdup,2_2_00007FF8B6186EA3
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617AEA0 CRYPTO_free,2_2_00007FF8B617AEA0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61724F5 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8B61724F5
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B619CB10 CRYPTO_free,CRYPTO_free,2_2_00007FF8B619CB10
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61B8BAF CRYPTO_malloc,2_2_00007FF8B61B8BAF
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6172478 CRYPTO_malloc,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_put_error,CRYPTO_clear_free,2_2_00007FF8B6172478
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61B0BF0 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8B61B0BF0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B619CC00 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error,2_2_00007FF8B619CC00
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61A8C60 CRYPTO_zalloc,CRYPTO_free,2_2_00007FF8B61A8C60
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61A4C70 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,memcpy,2_2_00007FF8B61A4C70
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171983 CRYPTO_free,CRYPTO_memdup,memcmp,CRYPTO_memdup,2_2_00007FF8B6171983
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B618CCB0 CRYPTO_get_ex_new_index,2_2_00007FF8B618CCB0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617189D CRYPTO_malloc,ERR_put_error,2_2_00007FF8B617189D
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61BCCF0 EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8B61BCCF0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61C8CF0 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8B61C8CF0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617ECC0 EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp,2_2_00007FF8B617ECC0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171393 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_clear_error,OPENSSL_sk_value,X509_get0_pubkey,X509_free,X509_up_ref,X509_free,OPENSSL_sk_pop_free,2_2_00007FF8B6171393
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B618C910 OPENSSL_sk_num,X509_STORE_CTX_new,ERR_put_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_put_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OPENSSL_sk_pop_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_put_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,2_2_00007FF8B618C910
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B619C970 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error,2_2_00007FF8B619C970
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6178970 CRYPTO_free,2_2_00007FF8B6178970
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171D9D CRYPTO_THREAD_run_once,2_2_00007FF8B6171D9D
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617132A CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,2_2_00007FF8B617132A
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171D5C CRYPTO_clear_free,2_2_00007FF8B6171D5C
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6172464 CRYPTO_malloc,memcpy,2_2_00007FF8B6172464
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61C8AD0 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8B61C8AD0
          Source: builded.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
          Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
          Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2239535513.00007FF8B8B3B000.00000002.00000001.01000000.0000000A.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: builded.exe, 00000002.00000002.2241677084.00007FF8BA4F3000.00000002.00000001.01000000.0000000C.sdmp, select.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb** source: builded.exe, 00000002.00000002.2238568534.00007FF8B7EE0000.00000002.00000001.01000000.0000000E.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, _uuid.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32ui.pdb source: win32ui.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32trace.pdb source: win32trace.pyd.0.dr
          Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1l 24 Aug 2021built on: Thu Aug 26 18:34:57 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: builded.exe, 00000002.00000002.2234341395.00007FF8A885D000.00000002.00000001.01000000.00000014.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\python310.pdb source: builded.exe, 00000002.00000002.2236120388.00007FF8A8C8D000.00000002.00000001.01000000.00000004.sdmp
          Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: builded.exe, 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2240440862.00007FF8B8F8D000.00000002.00000001.01000000.00000009.sdmp
          Source: Binary string: D:\_w\1\b\libssl-1_1.pdb?? source: builded.exe, 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb source: builded.exe, 00000002.00000002.2237933900.00007FF8B7E7C000.00000002.00000001.01000000.00000010.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
          Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: builded.exe, 00000002.00000002.2234341395.00007FF8A885D000.00000002.00000001.01000000.00000014.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2240269822.00007FF8B8F73000.00000002.00000001.01000000.00000012.sdmp
          Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: builded.exe, 00000000.00000003.2103560501.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2241376133.00007FF8BA251000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: builded.exe, 00000002.00000002.2237475467.00007FF8B78AD000.00000002.00000001.01000000.00000015.sdmp, _ssl.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb source: builded.exe, 00000002.00000002.2238568534.00007FF8B7EE0000.00000002.00000001.01000000.0000000E.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2238907267.00007FF8B8167000.00000002.00000001.01000000.00000013.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2239535513.00007FF8B8B3B000.00000002.00000001.01000000.0000000A.sdmp
          Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: builded.exe, 00000002.00000002.2240927502.00007FF8B93D0000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb}},GCTL source: builded.exe, 00000002.00000002.2237933900.00007FF8B7E7C000.00000002.00000001.01000000.00000010.sdmp
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb source: builded.exe, 00000002.00000002.2237715116.00007FF8B7E03000.00000002.00000001.01000000.00000011.sdmp, win32api.pyd.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: builded.exe, 00000002.00000002.2239115051.00007FF8B81A2000.00000002.00000001.01000000.0000000D.sdmp, pyexpat.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb!! source: builded.exe, 00000002.00000002.2237715116.00007FF8B7E03000.00000002.00000001.01000000.00000011.sdmp, win32api.pyd.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2239338420.00007FF8B8B08000.00000002.00000001.01000000.0000000B.sdmp, _socket.pyd.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: builded.exe, 00000002.00000002.2225363341.0000019401CA0000.00000002.00000001.01000000.00000006.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: builded.exe, 00000002.00000002.2233260599.00007FF8A85FB000.00000002.00000001.01000000.00000019.sdmp
          Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: builded.exe, 00000000.00000003.2103717117.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2241122443.00007FF8B9845000.00000002.00000001.01000000.0000000F.sdmp
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
          Source: C:\Users\user\Desktop\builded.exeCode function: 0_2_00007FF7A3B283B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7A3B283B0
          Source: C:\Users\user\Desktop\builded.exeCode function: 0_2_00007FF7A3B292F0 FindFirstFileExW,FindClose,0_2_00007FF7A3B292F0
          Source: C:\Users\user\Desktop\builded.exeCode function: 0_2_00007FF7A3B418E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7A3B418E4
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF7A3B292F0 FindFirstFileExW,FindClose,2_2_00007FF7A3B292F0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF7A3B283B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7A3B283B0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF7A3B418E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7A3B418E4
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8613229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FF8A8613229
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficDNS traffic detected: DNS query: webhook.my
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
          Source: builded.exe, 00000002.00000002.2230655305.00000194030E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://aka.ms/vcpython27
          Source: builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digi
          Source: builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr, _multiprocessing.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr, _multiprocessing.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr, _multiprocessing.pyd.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr, _multiprocessing.pyd.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr, _multiprocessing.pyd.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr, _multiprocessing.pyd.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
          Source: builded.exe, 00000002.00000003.2207509222.0000019402422000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2207209080.0000019402C51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf);
          Source: builded.exe, 00000002.00000002.2231186387.0000019403410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
          Source: builded.exe, 00000002.00000003.2214385703.00000194025F5000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2134754188.0000019402431000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2134602070.0000019402C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/pprint.html#pprint.pprint
          Source: builded.exe, 00000002.00000002.2230415130.0000019402FE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
          Source: builded.exe, 00000002.00000002.2227373807.0000019402AE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/ActiveState/appdirs
          Source: builded.exe, 00000002.00000002.2229060934.0000019402E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
          Source: builded.exe, 00000002.00000003.2215333433.0000019402DF0000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206091047.0000019402DC8000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2217957882.0000019402DF2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2216717503.0000019402DF2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2205771887.0000019402DC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
          Source: builded.exe, 00000002.00000003.2206561494.0000019402D13000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2205771887.0000019402CB9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214058925.0000019402D35000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211220075.0000019402D2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
          Source: builded.exe, 00000002.00000003.2207966068.0000019402CB9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212632731.0000019402CB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
          Source: METADATA0.0.drString found in binary or memory: http://mail.python.org/pipermail/distutils-sig/
          Source: builded.exe, 00000002.00000003.2212914415.0000019402F9D000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212442048.0000019402F9C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2229610004.0000019402F9D000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
          Source: builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr, _multiprocessing.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0N
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr, _multiprocessing.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0O
          Source: builded.exe, 00000002.00000003.2133566440.0000019402612000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2227161670.00000194028E0000.00000004.00001000.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2227038840.00000194027E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
          Source: builded.exe, 00000002.00000003.2134602070.0000019402C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pyparsing.wikispaces.com
          Source: builded.exe, 00000002.00000002.2229468058.0000019402F4D000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212332520.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2207966068.0000019402CAA000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2217831700.0000019402CB1000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213157638.0000019402EB3000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2228137811.0000019402CB1000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206410674.0000019402EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
          Source: builded.exe, 00000002.00000002.2229154751.0000019402EB6000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213157638.0000019402EB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/JJ
          Source: builded.exe, 00000002.00000003.2212073828.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212332520.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213157638.0000019402EB3000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206410674.0000019402EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/O
          Source: builded.exe, 00000002.00000002.2230415130.0000019402FE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/19622133/
          Source: builded.exe, 00000002.00000003.2206179860.0000019402422000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2208530618.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2210176314.000001940272B000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2209550869.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2135757851.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2226850582.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2134602070.0000019402BE1000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206716240.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2219246007.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211585629.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2209398619.0000019402427000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214428837.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2134602070.0000019402C20000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2207509222.0000019402422000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular-
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
          Source: builded.exe, 00000002.00000003.2212914415.0000019402F9D000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212442048.0000019402F9C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2229610004.0000019402F9D000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
          Source: builded.exe, 00000002.00000003.2212729494.0000019402F08000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211909452.0000019402EFC000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211941468.0000019402F05000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206410674.0000019402EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
          Source: builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
          Source: builded.exe, 00000002.00000003.2208530618.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2210176314.000001940272B000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2209550869.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2226850582.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206716240.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2219246007.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211585629.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214428837.000001940272C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
          Source: builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
          Source: builded.exe, 00000002.00000003.2208530618.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2210176314.000001940272B000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2209550869.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2226850582.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206716240.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2219246007.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211585629.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214428837.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
          Source: builded.exe, 00000002.00000002.2227277816.00000194029E0000.00000004.00001000.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2133566440.0000019402612000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
          Source: builded.exe, 00000002.00000003.2212914415.0000019402FA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213023278.0000019402FAA000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213635058.0000019402FC2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2230166628.0000019402FC3000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212471062.0000019402FA8000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213076566.0000019402FB5000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212442048.0000019402F9C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://minecraft.net)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://netflix.com)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://origin.com)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://outlook.com)
          Source: METADATA0.0.drString found in binary or memory: https://packaging.python.org/installing/
          Source: builded.exe, 00000002.00000002.2230655305.00000194030E0000.00000004.00001000.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2230984159.00000194032F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://paypal.com)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://playstation.com)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pornhub.com)
          Source: builded.exe, 00000000.00000003.2109171323.000002E54ACB5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
          Source: METADATA0.0.drString found in binary or memory: https://pypi.org/project/setuptools
          Source: builded.exe, 00000002.00000002.2236120388.00007FF8A8C8D000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
          Source: builded.exe, 00000000.00000003.2109171323.000002E54ACB5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
          Source: builded.exe, 00000002.00000002.2228484048.0000019402D6C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2205771887.0000019402D6C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2231186387.00000194034DC000.00000004.00001000.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214058925.0000019402D6C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211220075.0000019402D6C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206561494.0000019402D6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
          Source: builded.exe, 00000002.00000002.2231186387.00000194034DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.iopxN
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://riotgames.com)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://roblox.com)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sellix.io)
          Source: METADATA0.0.drString found in binary or memory: https://setuptools.readthedocs.io
          Source: METADATA0.0.drString found in binary or memory: https://setuptools.readthedocs.io/
          Source: builded.exe, 00000002.00000003.2211800866.00000194024A9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206688703.00000194024A6000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2133161590.0000019402723000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2132134180.0000019402723000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2209280264.00000194024A7000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206179860.000001940245A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2219786821.00000194024A9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2132507450.00000194026D3000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2132367491.00000194026CC000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2132507450.0000019402723000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2135643249.000001940245A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2134754188.0000019402431000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2226132483.00000194024A9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211470147.00000194024A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.readthedocs.io/en/latest/pkg_resources.html#basic-resource-access
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://spotify.com)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stake.com)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steam.com)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://telegram.com)
          Source: METADATA0.0.drString found in binary or memory: https://tidelift.com/badges/github/pypa/setuptools?style=flat
          Source: METADATA0.0.drString found in binary or memory: https://tidelift.com/security
          Source: METADATA0.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=readme
          Source: METADATA0.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referral
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com)
          Source: builded.exe, 00000002.00000003.2211361574.0000019402C82000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206070893.0000019402C7A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213674713.0000019402C82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitch.com)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com)
          Source: builded.exe, 00000002.00000003.2206179860.0000019402422000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214297997.000001940242C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2209398619.0000019402427000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214664979.0000019402E8D000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2207509222.0000019402422000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uber.com)
          Source: builded.exe, 00000002.00000002.2227161670.00000194028E0000.00000004.00001000.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2230415130.0000019402FE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
          Source: builded.exe, 00000002.00000002.2230984159.00000194032F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#socks-proxies
          Source: builded.exe, 00000002.00000002.2230984159.00000194032F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#socks-proxiesI
          Source: builded.exe, 00000002.00000002.2230655305.00000194030E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
          Source: builded.exe, 00000002.00000002.2231420988.0000019403598000.00000004.00001000.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212291501.0000019402D6F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2205771887.0000019402D6C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2210331897.0000019402D6E000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2217411194.0000019402D6F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206561494.0000019402D6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webhook.my/1.txt
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webhook.my/hi.txt
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webhook.my/post?uniqueid=2eac2fc1
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webhook.my/uploads
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webhook.my/words.txt
          Source: builded.exe, 00000002.00000003.2215429838.0000019400253000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2216156282.0000019400254000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2208175346.0000019400226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
          Source: LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
          Source: LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105218033.000002E54ACBF000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.drString found in binary or memory: https://www.digicert.com/CPS0
          Source: builded.exe, 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp, builded.exe, 00000002.00000002.2235276694.00007FF8A8954000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://www.openssl.org/H
          Source: builded.exe, 00000002.00000002.2228484048.0000019402D6C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2205771887.0000019402D6C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214058925.0000019402D6C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211220075.0000019402D6C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206561494.0000019402D6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
          Source: builded.exe, 00000002.00000003.2214664979.0000019402E90000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206410674.0000019402E8E000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2218208743.0000019402E91000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212073828.0000019402E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
          Source: builded.exe, 00000000.00000003.2107935191.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2227038840.00000194027E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
          Source: builded.exe, 00000002.00000002.2225189310.0000019401BA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
          Source: builded.exe, 00000002.00000003.2215367100.0000019402E60000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2216494704.0000019402E61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
          Source: builded.exe, 00000002.00000003.2212914415.0000019402F98000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
          Source: builded.exe, 00000002.00000002.2230273469.0000019402FCD000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213023278.0000019402FC9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213333916.0000019402FCA000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212600609.0000019402FC8000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2232296527.000001940362E000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212471062.0000019402FA8000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212442048.0000019402F9C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://xbox.com)
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com)
          Source: builded.exe, 00000002.00000003.2213973304.0000019402DFD000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211419796.0000019402DF5000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206091047.0000019402DC8000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214492268.0000019402E17000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2217957882.0000019402E1C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2205771887.0000019402DC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://youtube.com)
          Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A863B8502_2_00007FF8A863B850
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A861609B2_2_00007FF8A861609B
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A87478002_2_00007FF8A8747800
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8614C0F2_2_00007FF8A8614C0F
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A861177B2_2_00007FF8A861177B
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8614A4F2_2_00007FF8A8614A4F
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8612D742_2_00007FF8A8612D74
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8614B512_2_00007FF8A8614B51
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8612FCC2_2_00007FF8A8612FCC
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A87B0B502_2_00007FF8A87B0B50
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86126E92_2_00007FF8A86126E9
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86122FC2_2_00007FF8A86122FC
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8616EBA2_2_00007FF8A8616EBA
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86111402_2_00007FF8A8611140
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A861592A2_2_00007FF8A861592A
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A873CFC02_2_00007FF8A873CFC0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8615B0A2_2_00007FF8A8615B0A
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A861462E2_2_00007FF8A861462E
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A861362F2_2_00007FF8A861362F
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86131892_2_00007FF8A8613189
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8611D892_2_00007FF8A8611D89
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8612E8C2_2_00007FF8A8612E8C
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8615B6E2_2_00007FF8A8615B6E
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A861378D2_2_00007FF8A861378D
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86143542_2_00007FF8A8614354
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86157CC2_2_00007FF8A86157CC
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86134862_2_00007FF8A8613486
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A862C4802_2_00007FF8A862C480
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8612C752_2_00007FF8A8612C75
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A862C6202_2_00007FF8A862C620
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86C06E02_2_00007FF8A86C06E0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86125EF2_2_00007FF8A86125EF
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A873C6202_2_00007FF8A873C620
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86170722_2_00007FF8A8617072
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8615A5B2_2_00007FF8A8615A5B
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8616C1C2_2_00007FF8A8616C1C
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86160D72_2_00007FF8A86160D7
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86169E22_2_00007FF8A86169E2
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8611CC12_2_00007FF8A8611CC1
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86159F22_2_00007FF8A86159F2
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A87C59F02_2_00007FF8A87C59F0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86170402_2_00007FF8A8617040
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86153BC2_2_00007FF8A86153BC
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8613FD52_2_00007FF8A8613FD5
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8614AC02_2_00007FF8A8614AC0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A87B1A902_2_00007FF8A87B1A90
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A884DA802_2_00007FF8A884DA80
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8616A822_2_00007FF8A8616A82
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8745B402_2_00007FF8A8745B40
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86135FD2_2_00007FF8A86135FD
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86138322_2_00007FF8A8613832
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8611CFD2_2_00007FF8A8611CFD
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86130C12_2_00007FF8A86130C1
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86173602_2_00007FF8A8617360
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8613BA22_2_00007FF8A8613BA2
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8613A852_2_00007FF8A8613A85
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86129822_2_00007FF8A8612982
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8745E402_2_00007FF8A8745E40
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86132E72_2_00007FF8A86132E7
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86172A22_2_00007FF8A86172A2
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86116222_2_00007FF8A8611622
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8614C322_2_00007FF8A8614C32
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86127662_2_00007FF8A8612766
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86136932_2_00007FF8A8613693
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A862D2602_2_00007FF8A862D260
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86352002_2_00007FF8A8635200
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86171032_2_00007FF8A8617103
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86144C12_2_00007FF8A86144C1
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8616CB72_2_00007FF8A8616CB7
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A861560A2_2_00007FF8A861560A
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8615BEB2_2_00007FF8A8615BEB
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86142822_2_00007FF8A8614282
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86150422_2_00007FF8A8615042
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A861550B2_2_00007FF8A861550B
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8613B932_2_00007FF8A8613B93
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8613A8F2_2_00007FF8A8613A8F
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86122E82_2_00007FF8A86122E8
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8616F232_2_00007FF8A8616F23
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86112992_2_00007FF8A8611299
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86121352_2_00007FF8A8612135
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86154CA2_2_00007FF8A86154CA
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61713F22_2_00007FF8B61713F2
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61717BD2_2_00007FF8B61717BD
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61D78602_2_00007FF8B61D7860
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617114F2_2_00007FF8B617114F
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617F8E52_2_00007FF8B617F8E5
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61714512_2_00007FF8B6171451
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617B3602_2_00007FF8B617B360
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171C942_2_00007FF8B6171C94
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61812002_2_00007FF8B6181200
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171A872_2_00007FF8B6171A87
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61719562_2_00007FF8B6171956
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61D00502_2_00007FF8B61D0050
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61719972_2_00007FF8B6171997
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6171BDB2_2_00007FF8B6171BDB
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617256D2_2_00007FF8B617256D
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61720AE2_2_00007FF8B61720AE
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61715B42_2_00007FF8B61715B4
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61713982_2_00007FF8B6171398
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617115E2_2_00007FF8B617115E
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B617168B2_2_00007FF8B617168B
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B61715372_2_00007FF8B6171537
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B6176B902_2_00007FF8B6176B90
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8B78308202_2_00007FF8B7830820
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8A8614836 appears 127 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8A8611EF1 appears 1589 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8A86124B9 appears 84 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8A8612734 appears 509 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8B61DD465 appears 103 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8A8614D63 appears 35 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8B61DD3CF appears 218 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8A8616889 appears 31 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8A861300D appears 55 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8B61712EE appears 582 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8B7823A10 appears 44 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8A8616988 appears 49 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8A8612A04 appears 170 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF7A3B22710 appears 104 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF8A8614052 appears 780 times
          Source: C:\Users\user\Desktop\builded.exeCode function: String function: 00007FF7A3B22910 appears 34 times
          Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
          Source: python3.dll.0.dr Static PE information: No import functions for PE file found
          Source: builded.exe, 00000000.00000003.2106192195.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs builded.exe
          Source: builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs builded.exe
          Source: builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs builded.exe
          Source: builded.exe, 00000000.00000003.2103235642.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32ui.pyd0 vs builded.exe
          Source: builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs builded.exe
          Source: builded.exe, 00000000.00000003.2103717117.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs builded.exe
          Source: builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs builded.exe
          Source: builded.exe, 00000000.00000003.2104248782.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs builded.exe
          Source: builded.exe, 00000000.00000003.2104595503.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs builded.exe
          Source: builded.exe, 00000000.00000003.2103560501.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs builded.exe
          Source: builded.exe, 00000000.00000003.2106584149.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs builded.exe
          Source: builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs builded.exe
          Source: builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs builded.exe
          Source: builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs builded.exe
          Source: builded.exe Binary or memory string: OriginalFilename vs builded.exe
          Source: builded.exe, 00000002.00000002.2238727022.00007FF8B7EF1000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilenamepywintypes310.dll0 vs builded.exe
          Source: builded.exe, 00000002.00000002.2239420763.00007FF8B8B12000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs builded.exe
          Source: builded.exe, 00000002.00000002.2241791405.00007FF8BA4F6000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs builded.exe
          Source: builded.exe, 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilenamelibsslH vs builded.exe
          Source: builded.exe, 00000002.00000002.2240331816.00007FF8B8F76000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs builded.exe
          Source: builded.exe, 00000002.00000002.2239203399.00007FF8B81AD000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs builded.exe
          Source: builded.exe, 00000002.00000002.2241493635.00007FF8BA257000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs builded.exe
          Source: builded.exe, 00000002.00000002.2236878518.00007FF8A8DA7000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamepython310.dll. vs builded.exe
          Source: builded.exe, 00000002.00000002.2240736232.00007FF8B8F92000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs builded.exe
          Source: builded.exe, 00000002.00000002.2237611031.00007FF8B78C5000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs builded.exe
          Source: builded.exe, 00000002.00000002.2235276694.00007FF8A8954000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs builded.exe
          Source: builded.exe, 00000002.00000002.2241194295.00007FF8B9849000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs builded.exe
          Source: builded.exe, 00000002.00000002.2238990080.00007FF8B816E000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs builded.exe
          Source: builded.exe, 00000002.00000002.2241000646.00007FF8B93DB000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs builded.exe
          Source: builded.exe, 00000002.00000002.2225363341.0000019401CA0000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs builded.exe
          Source: builded.exe, 00000002.00000002.2238321712.00007FF8B7EC4000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenamepythoncom310.dll0 vs builded.exe
          Source: builded.exe, 00000002.00000002.2239663426.00007FF8B8B44000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs builded.exe
          Source: builded.exe, 00000002.00000002.2233672830.00007FF8A8601000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs builded.exe
          Source: builded.exe, 00000002.00000002.2237787891.00007FF8B7E11000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs builded.exe
          Source: classification engine Classification label: mal76.troj.evad.winEXE@6/92@1/1
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6576:120:WilError_03
          Source: C:\Users\user\Desktop\builded.exe File created: C:\Users\user\AppData\Local\Temp\_MEI47442
          Source: builded.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\builded.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT action_url, username_value, password_value FROM logins;
          Source: builded.exe Virustotal: Detection: 43%
          Source: C:\Users\user\Desktop\builded.exe File read: C:\Users\user\Desktop\builded.exe
          Source: unknown Process created: C:\Users\user\Desktop\builded.exe "C:\Users\user\Desktop\builded.exe"
          Source: C:\Users\user\Desktop\builded.exe Process created: C:\Users\user\Desktop\builded.exe "C:\Users\user\Desktop\builded.exe"
          Source: C:\Users\user\Desktop\builded.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\builded.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: version.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: vcruntime140.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: libffi-7.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: vcruntime140_1.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: urlmon.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: iertutil.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: srvcli.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: netutils.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: secur32.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: libcrypto-1_1.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: libssl-1_1.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: mswsock.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: textshaping.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: textinputframework.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: coreuicomponents.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: coremessaging.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: ntmarta.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: coremessaging.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: wintypes.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: wintypes.dll
          Source: C:\Users\user\Desktop\builded.exe Section loaded: wintypes.dll
          Source: C:\Users\user\Desktop\builded.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
          Source: builded.exe Static PE information: Image base 0x140000000 > 0x60000000
          Source: builded.exe Static file information: File size 17318617 > 1048576
          Source: builded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: builded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: builded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: builded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: builded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: builded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: builded.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
          Source: builded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
          Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2239535513.00007FF8B8B3B000.00000002.00000001.01000000.0000000A.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: builded.exe, 00000002.00000002.2241677084.00007FF8BA4F3000.00000002.00000001.01000000.0000000C.sdmp, select.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb** source: builded.exe, 00000002.00000002.2238568534.00007FF8B7EE0000.00000002.00000001.01000000.0000000E.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: builded.exe, 00000000.00000003.2107586824.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, _uuid.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32ui.pdb source: win32ui.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32trace.pdb source: win32trace.pyd.0.dr
          Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1l 24 Aug 2021built on: Thu Aug 26 18:34:57 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: builded.exe, 00000002.00000002.2234341395.00007FF8A885D000.00000002.00000001.01000000.00000014.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\python310.pdb source: builded.exe, 00000002.00000002.2236120388.00007FF8A8C8D000.00000002.00000001.01000000.00000004.sdmp
          Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: builded.exe, 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: builded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2240440862.00007FF8B8F8D000.00000002.00000001.01000000.00000009.sdmp
          Source: Binary string: D:\_w\1\b\libssl-1_1.pdb?? source: builded.exe, 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb source: builded.exe, 00000002.00000002.2237933900.00007FF8B7E7C000.00000002.00000001.01000000.00000010.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: builded.exe, 00000000.00000003.2105218033.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
          Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: builded.exe, 00000002.00000002.2234341395.00007FF8A885D000.00000002.00000001.01000000.00000014.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: builded.exe, 00000000.00000003.2105389899.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2240269822.00007FF8B8F73000.00000002.00000001.01000000.00000012.sdmp
          Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: builded.exe, 00000000.00000003.2103560501.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2241376133.00007FF8BA251000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: builded.exe, 00000002.00000002.2237475467.00007FF8B78AD000.00000002.00000001.01000000.00000015.sdmp, _ssl.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb source: builded.exe, 00000002.00000002.2238568534.00007FF8B7EE0000.00000002.00000001.01000000.0000000E.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: builded.exe, 00000000.00000003.2104902081.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2238907267.00007FF8B8167000.00000002.00000001.01000000.00000013.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: builded.exe, 00000000.00000003.2105042231.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2239535513.00007FF8B8B3B000.00000002.00000001.01000000.0000000A.sdmp
          Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: builded.exe, 00000002.00000002.2240927502.00007FF8B93D0000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\pythoncom.pdb}},GCTL source: builded.exe, 00000002.00000002.2237933900.00007FF8B7E7C000.00000002.00000001.01000000.00000010.sdmp
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb source: builded.exe, 00000002.00000002.2237715116.00007FF8B7E03000.00000002.00000001.01000000.00000011.sdmp, win32api.pyd.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: builded.exe, 00000002.00000002.2239115051.00007FF8B81A2000.00000002.00000001.01000000.0000000D.sdmp, pyexpat.pyd.0.dr
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb!! source: builded.exe, 00000002.00000002.2237715116.00007FF8B7E03000.00000002.00000001.01000000.00000011.sdmp, win32api.pyd.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: builded.exe, 00000000.00000003.2105505879.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2239338420.00007FF8B8B08000.00000002.00000001.01000000.0000000B.sdmp, _socket.pyd.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: builded.exe, 00000002.00000002.2225363341.0000019401CA0000.00000002.00000001.01000000.00000006.sdmp
          Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
          Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: builded.exe, 00000002.00000002.2233260599.00007FF8A85FB000.00000002.00000001.01000000.00000019.sdmp
          Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: builded.exe, 00000000.00000003.2103717117.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2241122443.00007FF8B9845000.00000002.00000001.01000000.0000000F.sdmp
          Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-310\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
          Source: builded.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: builded.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: builded.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: builded.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: builded.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: mfc140u.dll.0.drStatic PE information: section name: .didat
          Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
          Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
          Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
          Source: python310.dll.0.drStatic PE information: section name: PyRuntim
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_keccak.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_socket.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA256.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_multiprocessing.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_Salsa20.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_ctypes.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_ARC4.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_ec_ws.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_cbc.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_chacha20.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Util\_strxor.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA512.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_uuid.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\win32\win32trace.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_aes.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Pythonwin\mfc140u.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\VCRUNTIME140.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_ghash_portable.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA224.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\pywin32_system32\pywintypes310.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\libcrypto-1_1.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\python310.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_curve25519.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_cast.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_RIPEMD160.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\select.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ocb.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_des.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_des3.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Protocol\_scrypt.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_BLAKE2b.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_BLAKE2s.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ecb.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_sqlite3.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\pyexpat.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ofb.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_ssl.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_MD4.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\libffi-7.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_curve448.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_decimal.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_arc2.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_ed25519.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA384.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\sqlite3.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\libssl-1_1.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_lzma.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\pywin32_system32\pythoncom310.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_MD2.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_hashlib.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Pythonwin\win32ui.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA1.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\unicodedata.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Util\_cpuid_c.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Math\_modexp.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_queue.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_poly1305.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography\hazmat\bindings\_rust.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_cfb.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_ed448.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ctr.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_bz2.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_MD5.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\VCRUNTIME140_1.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\win32com\shell\shell.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\win32\win32api.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\python3.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\win32\_win32sysloader.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_aesni.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_ghash_clmul.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI47442\_cffi_backend.cp310-win_amd64.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeCode function: 0_2_00007FF7A3B25820 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF7A3B25820
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A86132F6 rdtsc 2_2_00007FF8A86132F6
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_socket.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_keccak.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA256.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_multiprocessing.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_Salsa20.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_ctypes.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_ARC4.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_ec_ws.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_cbc.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_chacha20.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Util\_strxor.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_uuid.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA512.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\win32\win32trace.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Pythonwin\mfc140u.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_aes.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_ghash_portable.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA224.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\pywin32_system32\pywintypes310.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\python310.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_curve25519.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_cast.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_RIPEMD160.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\select.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ocb.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_des.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Protocol\_scrypt.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_des3.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_BLAKE2b.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_BLAKE2s.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\pyexpat.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ecb.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_sqlite3.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ofb.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_ssl.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_MD4.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_curve448.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_decimal.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_ed25519.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_arc2.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA384.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\sqlite3.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_lzma.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\pywin32_system32\pythoncom310.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_MD2.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_hashlib.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Pythonwin\win32ui.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA1.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\unicodedata.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Util\_cpuid_c.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Math\_modexp.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_queue.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography\hazmat\bindings\_rust.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_poly1305.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_cfb.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_ed448.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ctr.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_bz2.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_MD5.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\win32com\shell\shell.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\win32\win32api.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\python3.dllJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\win32\_win32sysloader.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_aesni.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\_cffi_backend.cp310-win_amd64.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_ghash_clmul.pydJump to dropped file
          Source: C:\Users\user\Desktop\builded.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-18155
          Source: C:\Users\user\Desktop\builded.exeAPI coverage: 2.5 %
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\builded.exeCode function: 0_2_00007FF7A3B283B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7A3B283B0
          Source: C:\Users\user\Desktop\builded.exeCode function: 0_2_00007FF7A3B292F0 FindFirstFileExW,FindClose,0_2_00007FF7A3B292F0
          Source: C:\Users\user\Desktop\builded.exeCode function: 0_2_00007FF7A3B418E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7A3B418E4
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF7A3B292F0 FindFirstFileExW,FindClose,2_2_00007FF7A3B292F0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF7A3B283B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7A3B283B0
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF7A3B418E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7A3B418E4
          Source: C:\Users\user\Desktop\builded.exeCode function: 2_2_00007FF8A8613229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FF8A8613229
          Source: builded.exe, 00000000.00000003.2108257222.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: System32\vmGuestLib.dll
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vboxmrxnp.dll
          Source: builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMWARE
          Source: builded.exe, 00000002.00000003.2211800866.00000194024A9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206688703.00000194024A6000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2209280264.00000194024A7000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206179860.000001940245A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2132946338.00000194024CD000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2226164202.00000194024CD000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2216063450.00000194024BD000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2216797852.00000194024CD000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2135643249.00000194024CD000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2134754188.00000194024CD000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211470147.00000194024A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWket.%SystemRoot%\system32\mswsock.dll
          Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

          Anti Debugging

          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF8A8615727 2_2_00007FF8A8615727
          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF8A861423C 2_2_00007FF8A861423C
          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF8A86132F6 rdtsc 2_2_00007FF8A86132F6
          Source: C:\Users\user\Desktop\builded.exe Code function: 0_2_00007FF7A3B2D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7A3B2D19C
          Source: C:\Users\user\Desktop\builded.exe Code function: 0_2_00007FF7A3B434F0 GetProcessHeap, 0_2_00007FF7A3B434F0
          Source: C:\Users\user\Desktop\builded.exe Code function: 0_2_00007FF7A3B2D37C SetUnhandledExceptionFilter, 0_2_00007FF7A3B2D37C
          Source: C:\Users\user\Desktop\builded.exe Code function: 0_2_00007FF7A3B2C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7A3B2C910
          Source: C:\Users\user\Desktop\builded.exe Code function: 0_2_00007FF7A3B3A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7A3B3A684
          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF7A3B2D37C SetUnhandledExceptionFilter, 2_2_00007FF7A3B2D37C
          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF7A3B2D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF7A3B2D19C
          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF7A3B2C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_00007FF7A3B2C910
          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF7A3B3A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF7A3B3A684
          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF8A84F2AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_00007FF8A84F2AA0
          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF8A84F3068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF8A84F3068
          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF8A8615A1A IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF8A8615A1A
          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF8B6172004 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF8B6172004
          Source: C:\Users\user\Desktop\builded.exe Process created: C:\Users\user\Desktop\builded.exe "C:\Users\user\Desktop\builded.exe"
          Source: C:\Users\user\Desktop\builded.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
          Source: C:\Users\user\Desktop\builded.exe Code function: 0_2_00007FF7A3B495E0 cpuid 0_2_00007FF7A3B495E0
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Util VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography-44.0.0.dist-info\licenses VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography-44.0.0.dist-info\licenses VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\win32 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\win32 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\_ctypes.pyd VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\_bz2.pyd VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\_lzma.pyd VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\win32 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Pythonwin VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\pywin32_system32 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\certifi VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\libssl-1_1.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\pyexpat.pyd VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\win32 VolumeInformation
          Source: C:\Users\user\Desktop\builded.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Pythonwin VolumeInformation
          Source: C:\Users\user\Desktop\builded.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\pywin32_system32 VolumeInformation
          Source: C:\Users\user\Desktop\builded.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\_socket.pyd VolumeInformation
          Source: C:\Users\user\Desktop\builded.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\select.pyd VolumeInformation
          Source: C:\Users\user\Desktop\builded.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\win32\win32api.pyd VolumeInformation
          Source: C:\Users\user\Desktop\builded.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\win32com VolumeInformation
          Source: C:\Users\user\Desktop\builded.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\_queue.pyd VolumeInformation
          Source: C:\Users\user\Desktop\builded.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\cryptography-44.0.0.dist-info VolumeInformation
          Source: C:\Users\user\Desktop\builded.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\setuptools-57.4.0.dist-info VolumeInformation
          Source: C:\Users\user\Desktop\builded.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\_hashlib.pyd VolumeInformation
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\_ssl.pyd VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\win32 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\win32 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\win32 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Pythonwin VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\win32 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\Pythonwin VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\charset_normalizer VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\charset_normalizer VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\charset_normalizer VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\charset_normalizer VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\charset_normalizer\md.cp310-win_amd64.pyd VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\charset_normalizer VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\charset_normalizer\md__mypyc.cp310-win_amd64.pyd VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\unicodedata.pyd VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\win32 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\pywin32_system32 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442 VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\certifi VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI47442\certifi VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exeQueries volume information: C:\Users\user\Desktop\builded.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\builded.exe Code function: 0_2_00007FF7A3B2D080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7A3B2D080
          Source: C:\Users\user\Desktop\builded.exe Code function: 0_2_00007FF7A3B45C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7A3B45C70
          Source: C:\Users\user\Desktop\builded.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match File source: 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: builded.exe PID: 6496, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match File source: 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: builded.exe PID: 6496, type: MEMORYSTR
          Source: C:\Users\user\Desktop\builded.exe Code function: 2_2_00007FF8A8612B5D bind,WSAGetLastError,2_2_00007FF8A8612B5D
          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
          Execution: 1 Native API; Scheduled Task/Job; At; Cron
          Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
          Privilege Escalation: 11 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook
          Defense Evasion: 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Obfuscated Files or Information; 1 DLL Side-Loading
          Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
          Discovery: 2 System Time Discovery; 31 Security Software Discovery; 1 File and Directory Discovery; 23 System Information Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
          Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture
          Command and Control: 22 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Protocol Impersonation
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
          Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction


          Source | Detection | Scanner | Label | Link
          builded.exe | 43% | Virustotal | | Browse
          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_ARC4.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_Salsa20.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_chacha20.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_aes.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_aesni.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_arc2.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_cast.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_cbc.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_cfb.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ctr.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_des.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_des3.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ecb.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ocb.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Cipher\_raw_ofb.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_BLAKE2b.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_BLAKE2s.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_MD2.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_MD4.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_MD5.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_RIPEMD160.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA1.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA224.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA256.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA384.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_SHA512.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_ghash_clmul.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_ghash_portable.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_keccak.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Hash\_poly1305.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Math\_modexp.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Protocol\_scrypt.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_curve25519.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_curve448.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_ec_ws.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_ed25519.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\PublicKey\_ed448.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Util\_cpuid_c.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Crypto\Util\_strxor.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Pythonwin\mfc140u.dll | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\Pythonwin\win32ui.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\VCRUNTIME140.dll | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\VCRUNTIME140_1.dll | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\_bz2.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\_cffi_backend.cp310-win_amd64.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\_ctypes.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\_decimal.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\_hashlib.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\_lzma.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\_multiprocessing.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\_queue.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\_socket.pyd | 0% | ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI47442\_sqlite3.pyd | 0% | ReversingLabs
          No Antivirus matches
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          https://discord.gift/ | 100% | Avira URL Cloud | malware
          https://paypal.com) | 0% | Avira URL Cloud | safe
          https://crunchyroll.com) | 0% | Avira URL Cloud | safe
          https://discord.com) | 0% | Avira URL Cloud | safe
          https://youtube.com) | 0% | Avira URL Cloud | safe
          https://xbox.com) | 0% | Avira URL Cloud | safe
          https://urllib3.readthedocs.io/en/latest/advanced-usage.html#socks-proxies | 0% | Avira URL Cloud | safe
          https://tiktok.com) | 0% | Avira URL Cloud | safe
          https://coinbase.com) | 0% | Avira URL Cloud | safe
          http://repository.swisssign.com/O | 0% | Avira URL Cloud | safe
          https://playstation.com) | 0% | Avira URL Cloud | safe
          https://ebay.com) | 0% | Avira URL Cloud | safe
          https://sellix.io) | 0% | Avira URL Cloud | safe
          https://binance.com) | 0% | Avira URL Cloud | safe
          https://outlook.com) | 0% | Avira URL Cloud | safe
          https://github.com) | 0% | Avira URL Cloud | safe
          https://netflix.com) | 0% | Avira URL Cloud | safe
          https://gmail.com) | 0% | Avira URL Cloud | safe
          https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referral | 0% | Avira URL Cloud | safe
          https://steam.com) | 0% | Avira URL Cloud | safe
          https://spotify.com) | 0% | Avira URL Cloud | safe
          https://hbo.com) | 0% | Avira URL Cloud | safe
          https://twitter.com) | 0% | Avira URL Cloud | safe
          https://pornhub.com) | 0% | Avira URL Cloud | safe
          http://pyparsing.wikispaces.com | 0% | Avira URL Cloud | safe
          https://tidelift.com/badges/github/pypa/setuptools?style=flat | 0% | Avira URL Cloud | safe
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          webhook.my | 104.21.77.174 | true | false | | unknown
          Name | Source | Malicious | Antivirus Detection | Reputation
          https://discord.gift/ | builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
          http://crl.dhimyotis.com/certignarootca.crl0 | builded.exe, 00000002.00000002.2232296527.000001940362E000.00000004.00000020.00020000.00000000.sdmp | false | | high
          https://coinbase.com) | builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
          https://img.shields.io/pypi/pyversions/setuptools.svg | METADATA0.0.dr | false | | high
          https://img.shields.io/pypi/v/setuptools.svg | METADATA0.0.dr | false | | high
          https://tiktok.com) | builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
          https://discord.com) | builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
          https://python.org/dev/peps/pep-0263/ | builded.exe, 00000002.00000002.2236120388.00007FF8A8C8D000.00000002.00000001.01000000.00000004.sdmp | false | | high
          https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | builded.exe, 00000002.00000003.2128523396.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2225050186.0000019400293000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2130215745.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2130039106.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212143134.000001940028C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2217039368.0000019400293000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2130458610.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2128732316.000001940029F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2129076923.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2128523396.0000019400233000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2209872602.0000019400259000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214464910.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2131042500.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2129685820.000001940026C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2208175346.0000019400226000.00000004.00000020.00020000.00000000.sdmp | false | | high
          https://www.apache.org/licenses/LICENSE-2.0 | LICENSE.APACHE.0.dr | false | | high
          https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white | METADATA0.0.dr | false | | high
          https://paypal.com) | builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
          https://github.com/pypa/packaging | builded.exe, 00000002.00000002.2230655305.00000194030E0000.00000004.00001000.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2227373807.0000019402AE0000.00000004.00001000.00020000.00000000.sdmp | false | | high
          https://pypi.org/project/setuptools | METADATA0.0.dr | false | | high
          https://github.com/pypa/setuptools/workflows/tests/badge.svg | METADATA0.0.dr | false | | high
          https://discord.com/api/v9/users/ | builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp | false | | high
          https://xbox.com) | builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
          https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963 | builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp | false | | high
          https://youtube.com) | builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
          https://blog.jaraco.com/skeleton | METADATA0.0.dr | false | | high
          http://repository.swisssign.com/O | builded.exe, 00000002.00000003.2212073828.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212332520.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213157638.0000019402EB3000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206410674.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
          http://crl.dhimyotis.com/certignarootca.crl | builded.exe, 00000002.00000002.2230273469.0000019402FCD000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213023278.0000019402FC9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213333916.0000019402FCA000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212600609.0000019402FC8000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212471062.0000019402FA8000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212442048.0000019402F9C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmp | false
                                        high
                                        http://curl.haxx.se/rfc/cookie_spec.htmlbuilded.exe, 00000002.00000002.2231186387.0000019403410000.00000004.00001000.00020000.00000000.sdmpfalse
                                          high
                                          https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.mdMETADATA0.0.drfalse
                                            high
                                            https://urllib3.readthedocs.io/en/latest/advanced-usage.html#socks-proxiesbuilded.exe, 00000002.00000002.2230984159.00000194032F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://json.orgbuilded.exe, 00000002.00000003.2207966068.0000019402CB9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212632731.0000019402CB9000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filenamebuilded.exe, 00000002.00000003.2128523396.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2225189310.0000019401BA0000.00000004.00001000.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2128732316.000001940029F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2128523396.0000019400233000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxybuilded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  high
                                                  https://crunchyroll.com)builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://wwww.certigna.fr/autorites/0mbuilded.exe, 00000002.00000002.2230273469.0000019402FCD000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213023278.0000019402FC9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213333916.0000019402FCA000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212600609.0000019402FC8000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2232296527.000001940362E000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212471062.0000019402FA8000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212442048.0000019402F9C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerbuilded.exe, 00000002.00000003.2128523396.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2225050186.0000019400293000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2130215745.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2130039106.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212143134.000001940028C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2217039368.0000019400293000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2130458610.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2128732316.000001940029F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2129076923.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2128523396.0000019400233000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2209872602.0000019400259000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214464910.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2131042500.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2129685820.000001940026C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2208175346.0000019400226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://ebay.com)builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://httpbin.org/builded.exe, 00000002.00000003.2207509222.0000019402422000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://www.apache.org/licenses/LICENSE.APACHE.0.drfalse
                                                          high
                                                          https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainbuilded.exe, 00000000.00000003.2109171323.000002E54ACB5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                            high
                                                            https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_modulebuilded.exe, 00000002.00000003.2128523396.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2128523396.0000019400233000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2225189310.0000019401C28000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              high
                                                              https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesbuilded.exe, 00000002.00000002.2225189310.0000019401BA0000.00000004.00001000.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2128523396.0000019400233000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://playstation.com)builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535builded.exe, 00000002.00000003.2206561494.0000019402D13000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2205771887.0000019402CB9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214058925.0000019402D35000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211220075.0000019402D2C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://mail.python.org/pipermail/distutils-sig/METADATA0.0.drfalse
                                                                    high
                                                                    https://cryptography.io/en/latest/installation/builded.exe, 00000000.00000003.2109171323.000002E54ACB5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                      high
                                                                      https://sellix.io)builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://github.com/pypa/setuptools/issues/417#issuecomment-392298401builded.exe, 00000002.00000002.2227038840.00000194027E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://github.com/fernet/spec/blob/master/Spec.mdbuilded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://wiki.debian.org/XDGBaseDirectorySpecification#statebuilded.exe, 00000002.00000003.2215429838.0000019400253000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2216156282.0000019400254000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2208175346.0000019400226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://crl.securetrust.com/STCA.crlbuilded.exe, 00000002.00000003.2212073828.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212332520.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213157638.0000019402EB3000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206410674.0000019402EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0builded.exe, 00000002.00000003.2212914415.0000019402F9D000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212442048.0000019402F9C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2229610004.0000019402F9D000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://tools.ietf.org/html/rfc6125#section-6.4.3builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://discord.com/api/v6/guilds/builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://www.cert.fnmt.es/dpcs/builded.exe, 00000002.00000003.2212914415.0000019402FA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213023278.0000019402FAA000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213635058.0000019402FC2000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2230166628.0000019402FC3000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212471062.0000019402FA8000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213076566.0000019402FB5000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212442048.0000019402F9C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://google.com/mailbuilded.exe, 00000002.00000003.2213973304.0000019402DFD000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211419796.0000019402DF5000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206091047.0000019402DC8000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214492268.0000019402E17000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2217957882.0000019402E1C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2205771887.0000019402DC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.accv.es00builded.exe, 00000002.00000003.2208530618.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2210176314.000001940272B000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2209550869.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2226850582.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206716240.000001940272A000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2219246007.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2211585629.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214428837.000001940272C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212225092.0000019402F96000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
                                                                                            high
                                                                                            https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.builded.exe, 00000002.00000003.2212400705.0000019402CF6000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2216233925.0000019402CF7000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2205771887.0000019402CB9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2216380371.0000019402CF9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2207966068.0000019402CB9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://packaging.python.org/installing/METADATA0.0.drfalse
                                                                                                high
                                                                                                https://mahler:8092/site-updates.pybuilded.exe, 00000002.00000003.2214664979.0000019402E90000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206410674.0000019402E8E000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2218208743.0000019402E91000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212073828.0000019402E90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://cryptography.io/METADATA.0.drfalse
                                                                                                    high
                                                                                                    https://discord.gg/builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://www.firmaprofesional.com/cps0builded.exe, 00000002.00000003.2212842134.0000019403630000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2215367100.0000019402E60000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2232408060.0000019403636000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213549647.0000019403634000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2215532950.0000019402E62000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2229085288.0000019402E63000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2216494704.0000019402E63000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referralMETADATA0.0.drfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specbuilded.exe, 00000002.00000003.2128523396.0000019400233000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2225189310.0000019401C28000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://netflix.com)builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://github.com/urllib3/urllib3/issues/2920builded.exe, 00000002.00000002.2230984159.00000194032F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://gmail.com)builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://crl.securetrust.com/SGCA.crl0builded.exe, 00000002.00000003.2211909452.0000019402EFC000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206410674.0000019402EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://crl3.digibuilded.exe, 00000000.00000003.2103915044.000002E54ACB2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_databuilded.exe, 00000002.00000003.2128523396.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2225050186.0000019400293000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2130215745.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2130039106.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212143134.000001940028C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2217039368.0000019400293000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2130458610.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2128732316.000001940029F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2129076923.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2128523396.0000019400233000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2209872602.0000019400259000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2214464910.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2131042500.000001940028F000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2129685820.000001940026C000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2208175346.0000019400226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://outlook.com)builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://github.com)builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://www.quovadisglobal.com/cps0builded.exe, 00000002.00000002.2229154751.0000019402EB6000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212073828.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212332520.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2213157638.0000019402EB3000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206410674.0000019402EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://binance.com)builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://crl.securetrust.com/SGCA.crlBbuilded.exe, 00000002.00000003.2213289393.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000002.2229085288.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2218208743.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212073828.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2212332520.0000019402EA9000.00000004.00000020.00020000.00000000.sdmp, builded.exe, 00000002.00000003.2206410674.0000019402EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://cryptography.io/en/latest/changelog/builded.exe, 00000000.00000003.2109171323.000002E54ACB5000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                        high
                                                                                                                        https://spotify.com)builded.exe, 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
IP:104.21.77.174
Domain:webhook.my
Country:United States
ASN:13335
ASN Name:CLOUDFLARENETUS
Malicious:false
                                                                                                                                                                Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                Analysis ID:1591683
                                                                                                                                                                Start date and time:2025-01-15 10:00:11 +01:00
                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                Overall analysis duration:0h 8m 26s
                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                Report type:full
                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                Number of analysed new started processes analysed:7
                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                Technologies:
                                                                                                                                                                • HCA enabled
                                                                                                                                                                • EGA enabled
                                                                                                                                                                • AMSI enabled
                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                Sample name:builded.exe
                                                                                                                                                                Detection:MAL
                                                                                                                                                                Classification:mal76.troj.evad.winEXE@6/92@1/1
                                                                                                                                                                EGA Information:
                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                HCA Information:Failed
                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.175.87.197
                                                                                                                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                • Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                No simulations
                                                                                                                                                                No context
Match:webhook.my
Associated Sample Name / URL:dog.jpg.exe, Detection:malicious, Threat Name:Unknown, Context:188.114.96.3
Associated Sample Name / URL:Fw3icx4ZWB.exe, Detection:malicious, Threat Name:Unknown, Context:172.67.142.9
                                                                                                                                                                No context
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11264
                                                                                                                                                                                                        Entropy (8bit):4.640339306680604
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
                                                                                                                                                                                                        MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
                                                                                                                                                                                                        SHA1:EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
                                                                                                                                                                                                        SHA-256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
                                                                                                                                                                                                        SHA-512:8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                        • Filename: pbz3swuapf.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: LEmcGUQfA7.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: 3LcZO15oTC.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: 3LcZO15oTC.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: main.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: DChOtFdp9T.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: 3OQL58yflv.exe, Detection: malicious
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                        Entropy (8bit):5.0194545642425075
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                                                                                                        MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                                                                                                        SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                                                                                                        SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                                                                                                        SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                        • Filename: pbz3swuapf.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: LEmcGUQfA7.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: 3LcZO15oTC.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: main.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: DChOtFdp9T.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: 3OQL58yflv.exe, Detection: malicious
                                                                                                                                                                                                        • Filename: 7zip.exe, Detection: malicious
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13312
                                                                                                                                                                                                        Entropy (8bit):5.037456384995606
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                                                                                                        MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                                                                                                        SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                                                                                                        SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                                                                                                        SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                        Entropy (8bit):5.09191874780435
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                                                                                                        MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                                                                                                        SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                                                                                                        SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                                                                                                        SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):36352
                                                                                                                                                                                                        Entropy (8bit):6.541423493519083
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
                                                                                                                                                                                                        MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
                                                                                                                                                                                                        SHA1:7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
                                                                                                                                                                                                        SHA-256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
                                                                                                                                                                                                        SHA-512:11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15360
                                                                                                                                                                                                        Entropy (8bit):5.367749645917753
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
                                                                                                                                                                                                        MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
                                                                                                                                                                                                        SHA1:0E41751AA48108D7924B0A70A86031DDE799D7D6
                                                                                                                                                                                                        SHA-256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
                                                                                                                                                                                                        SHA-512:E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                        Entropy (8bit):5.41148259289073
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
                                                                                                                                                                                                        MD5:F14E1AA2590D621BE8C10321B2C43132
                                                                                                                                                                                                        SHA1:FD84D11619DFFDF82C563E45B48F82099D9E3130
                                                                                                                                                                                                        SHA-256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
                                                                                                                                                                                                        SHA-512:A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                        Entropy (8bit):6.041302713678401
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
                                                                                                                                                                                                        MD5:B127CAE435AEB8A2A37D2A1BC1C27282
                                                                                                                                                                                                        SHA1:2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
                                                                                                                                                                                                        SHA-256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
                                                                                                                                                                                                        SHA-512:4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                                                        Entropy (8bit):6.530656045206549
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
                                                                                                                                                                                                        MD5:2E15AA6F97ED618A3236CFA920988142
                                                                                                                                                                                                        SHA1:A9D556D54519D3E91FA19A936ED291A33C0D1141
                                                                                                                                                                                                        SHA-256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
                                                                                                                                                                                                        SHA-512:A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                        Entropy (8bit):4.7080156150187396
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
                                                                                                                                                                                                        MD5:40390F2113DC2A9D6CFAE7127F6BA329
                                                                                                                                                                                                        SHA1:9C886C33A20B3F76B37AA9B10A6954F3C8981772
                                                                                                                                                                                                        SHA-256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
                                                                                                                                                                                                        SHA-512:617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                        Entropy (8bit):5.159963979391524
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
                                                                                                                                                                                                        MD5:899895C0ED6830C4C9A3328CC7DF95B6
                                                                                                                                                                                                        SHA1:C02F14EBDA8B631195068266BA20E03210ABEABC
                                                                                                                                                                                                        SHA-256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
                                                                                                                                                                                                        SHA-512:0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14848
                                                                                                                                                                                                        Entropy (8bit):5.270418334522813
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                                                                                                        MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                                                                                                        SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                                                                                                        SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                                                                                                        SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56832
                                                                                                                                                                                                        Entropy (8bit):4.231032526864278
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                                                                                                        MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                                                                                                        SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                                                                                                        SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                                                                                                        SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):57344
                                                                                                                                                                                                        Entropy (8bit):4.252429732285762
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                                                                                                        MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                                                                                                        SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                                                                                                        SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                                                                                                        SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                        Entropy (8bit):4.690163963718492
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                                                                                                        MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                                                                                                        SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                                                                                                        SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                                                                                                        SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                        Entropy (8bit):6.1215844022564285
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                                                                                                        MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                                                                                                        SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                                                                                                        SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                                                                                                        SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17920
                                                                                                                                                                                                        Entropy (8bit):5.293810509074883
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                                                                                                        MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                                                                                                        SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                                                                                                        SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                                                                                                        SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                        Entropy (8bit):4.862619033406922
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                                                                                                        MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                                                                                                        SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                                                                                                        SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                                                                                                        SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                        Entropy (8bit):5.227045547076371
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                                                                                                        MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                                                                                                        SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                                                                                                        SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                                                                                                        SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                        Entropy (8bit):5.176369829782773
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                                                                                                        MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                                                                                                        SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                                                                                                        SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                                                                                                        SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                        Entropy (8bit):5.047563322651927
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                                                                                                        MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                                                                                                        SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                                                                                                        SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                                                                                                        SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                        Entropy (8bit):5.09893680790018
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
                                                                                                                                                                                                        MD5:F929B1A3997427191E07CF52AC883054
                                                                                                                                                                                                        SHA1:C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
                                                                                                                                                                                                        SHA-256:5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
                                                                                                                                                                                                        SHA-512:2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15360
                                                                                                                                                                                                        Entropy (8bit):5.451865349855574
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
                                                                                                                                                                                                        MD5:1FA5E257A85D16E916E9C22984412871
                                                                                                                                                                                                        SHA1:1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
                                                                                                                                                                                                        SHA-256:D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
                                                                                                                                                                                                        SHA-512:E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                        Entropy (8bit):5.104245335186531
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
                                                                                                                                                                                                        MD5:FAD578A026F280C1AE6F787B1FA30129
                                                                                                                                                                                                        SHA1:9A3E93818A104314E172A304C3D117B6A66BEB55
                                                                                                                                                                                                        SHA-256:74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
                                                                                                                                                                                                        SHA-512:ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17920
                                                                                                                                                                                                        Entropy (8bit):5.671305741258107
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
                                                                                                                                                                                                        MD5:556E6D0E5F8E4DA74C2780481105D543
                                                                                                                                                                                                        SHA1:7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
                                                                                                                                                                                                        SHA-256:247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
                                                                                                                                                                                                        SHA-512:28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                        Entropy (8bit):5.878701941774916
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:EJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1OhgkxEv:EcIRnHX1P/YtswvaD1Rk
                                                                                                                                                                                                        MD5:2F2655A7BBFE08D43013EDDA27E77904
                                                                                                                                                                                                        SHA1:33D51B6C423E094BE3E34E5621E175329A0C0914
                                                                                                                                                                                                        SHA-256:C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
                                                                                                                                                                                                        SHA-512:8AF99ACC969B0E560022F75A0CDCAA85D0BDEADADEACD59DD0C4500F94A5843EA0D4107789C1A613181B1F4E5252134A485EF6B1D9D83CDB5676C5FEE4D49B90
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21504
                                                                                                                                                                                                        Entropy (8bit):5.881781476285865
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:EJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD12gkxEv:EcIRnHXfP/YtswvaD1zk
                                                                                                                                                                                                        MD5:CDE035B8AB3D046B1CE37EEE7EE91FA0
                                                                                                                                                                                                        SHA1:4298B62ED67C8D4F731D1B33E68D7DC9A58487FF
                                                                                                                                                                                                        SHA-256:16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
                                                                                                                                                                                                        SHA-512:C44FDEE5A210459CE4557351E56B2D357FD4937F8EC8EACEAB842FEE29761F66C2262FCBAAC837F39C859C67FA0E23D13E0F60B3AE59BE29EB9D8ABAB0A572BB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):26624
                                                                                                                                                                                                        Entropy (8bit):5.837887867708438
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
                                                                                                                                                                                                        MD5:999D431197D7E06A30E0810F1F910B9A
                                                                                                                                                                                                        SHA1:9BFF781221BCFFD8E55485A08627EC2A37363C96
                                                                                                                                                                                                        SHA-256:AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
                                                                                                                                                                                                        SHA-512:A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):26624
                                                                                                                                                                                                        Entropy (8bit):5.895310340516013
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
                                                                                                                                                                                                        MD5:0931ABBF3AED459B1A2138B551B1D3BB
                                                                                                                                                                                                        SHA1:9EC0296DDAF574A89766A2EC035FC30073863AB0
                                                                                                                                                                                                        SHA-256:1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
                                                                                                                                                                                                        SHA-512:9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                        Entropy (8bit):4.967737129255606
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
                                                                                                                                                                                                        MD5:5F057A380BACBA4EF59C0611549C0E02
                                                                                                                                                                                                        SHA1:4B758D18372D71F0AA38075F073722A55B897F71
                                                                                                                                                                                                        SHA-256:BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
                                                                                                                                                                                                        SHA-512:E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13312
                                                                                                                                                                                                        Entropy (8bit):5.007867576025166
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
                                                                                                                                                                                                        MD5:49BCA1B7DF076D1A550EE1B7ED3BD997
                                                                                                                                                                                                        SHA1:47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
                                                                                                                                                                                                        SHA-256:49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
                                                                                                                                                                                                        SHA-512:8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15872
                                                                                                                                                                                                        Entropy (8bit):5.226023387740053
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                                                                                                        MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                                                                                                        SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                                                                                                        SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                                                                                                        SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14848
                                                                                                                                                                                                        Entropy (8bit):5.262055670423592
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                                                                                                        MD5:18D2D96980802189B23893820714DA90
                                                                                                                                                                                                        SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                                                                                                        SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                                                                                                        SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):36352
                                                                                                                                                                                                        Entropy (8bit):5.913843738203007
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                                                                                                        MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                                                                                                        SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                                                                                                        SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                                                                                                        SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                        Entropy (8bit):4.735350805948923
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                                                                                                        MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                                                                                                        SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                                                                                                        SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                                                                                                        SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):22528
                                                                                                                                                                                                        Entropy (8bit):5.705606408072877
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                                                                                                        MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                                                                                                        SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                                                                                                        SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                                                                                                        SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):70656
                                                                                                                                                                                                        Entropy (8bit):6.0189903352673655
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                                                                                                        MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                                                                                                        SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                                                                                                        SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                                                                                                        SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):770560
                                                                                                                                                                                                        Entropy (8bit):7.613224993327352
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                        MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                                                                                                        SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                                                                                                        SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                                                                                                        SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):26112
                                                                                                                                                                                                        Entropy (8bit):5.8551858881598795
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                                                                                                        MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                                                                                                        SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                                                                                                        SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                                                                                                        SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):84992
                                                                                                                                                                                                        Entropy (8bit):6.064677498000638
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                                                                                                        MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                                                                                                        SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                                                                                                        SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                                                                                                        SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                        Entropy (8bit):4.675380950473425
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                                                                                                        MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                                                                                                        SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                                                                                                        SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                                                                                                        SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                        Entropy (8bit):4.625428549874022
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                                                                                                        MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                                                                                                        SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                                                                                                        SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                                                                                                        SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5653536
                                                                                                                                                                                                        Entropy (8bit):6.729079283804055
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                        MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                        SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                        SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                        SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1142272
                                                                                                                                                                                                        Entropy (8bit):6.044159301267025
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:ETqIp0hPXIZSPzQ5u0j1Sn1w0vhYvSZav8pqR4aPFTP86:ETqImIN5pA1BlZZcyal
                                                                                                                                                                                                        MD5:79FF2A54A88364617450A95224BAAFFD
                                                                                                                                                                                                        SHA1:BDF9B430C6DC1CC83E4572761A19C0FEC65E7362
                                                                                                                                                                                                        SHA-256:18D37C6FEE55515F9242D31A627671EC4413A428B08A14EA329D8D9B2A54D57F
                                                                                                                                                                                                        SHA-512:7A97A7F0044E74FD6A05451F6CEB68D5E08E1ECE6D6E9BEDAA7D0C4AA2009834C5374E2ADAF66990AD3D7C1BFD21716DAA0AE77412E85532288CFFFEB08169C8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):97160
                                                                                                                                                                                                        Entropy (8bit):6.422776154074499
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
                                                                                                                                                                                                        MD5:11D9AC94E8CB17BD23DEA89F8E757F18
                                                                                                                                                                                                        SHA1:D4FB80A512486821AD320C4FD67ABCAE63005158
                                                                                                                                                                                                        SHA-256:E1D6F78A72836EA120BD27A33AE89CBDC3F3CA7D9D0231AAA3AAC91996D2FA4E
                                                                                                                                                                                                        SHA-512:AA6AFD6BEA27F554E3646152D8C4F96F7BCAAA4933F8B7C04346E410F93F23CFA6D29362FD5D51CCBB8B6223E094CD89E351F072AD0517553703F5BF9DE28778
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37256
                                                                                                                                                                                                        Entropy (8bit):6.2987721506649335
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:5InvMCmWEyhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+XfbmuncS74GdWrUKWj14gHg:dCm5yhUcwrHY/ntTxT6ovR7VxIV1z
                                                                                                                                                                                                        MD5:7667B0883DE4667EC87C3B75BED84D84
                                                                                                                                                                                                        SHA1:E6F6DF83E813ED8252614A46A5892C4856DF1F58
                                                                                                                                                                                                        SHA-256:04E7CCBDCAD7CBAF0ED28692FB08EAB832C38AAD9071749037EE7A58F45E9D7D
                                                                                                                                                                                                        SHA-512:968CBAAFE416A9E398C5BFD8C5825FA813462AE207D17072C035F916742517EDC42349A72AB6795199D34CCECE259D5F2F63587CFAEB0026C0667632B05C5C74
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):80112
                                                                                                                                                                                                        Entropy (8bit):6.4309989963681105
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:owz7h8B7BjhJCZePYgIjFNf8AnZydTBIAMVyyw:owz18BrJCJgIHEAodTBIAMVy
                                                                                                                                                                                                        MD5:B45E82A398713163216984F2FEBA88F6
                                                                                                                                                                                                        SHA1:EAAF4B91DB6F67D7C57C2711F4E968CE0FE5D839
                                                                                                                                                                                                        SHA-256:4C2649DC69A8874B91646723AACB84C565EFEAA4277C46392055BCA9A10497A8
                                                                                                                                                                                                        SHA-512:B9C4F22DC4B52815C407AB94D18A7F2E1E4F2250AECDB2E75119150E69B006ED69F3000622EC63EABCF0886B7F56FFDB154E0BF57D8F7F45C3B1DD5C18B84EC8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):178176
                                                                                                                                                                                                        Entropy (8bit):6.160618368535074
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:a28mc0wlApJaPh2dEVWkS0EDejc2zSTBcS7EkSTLkKDtJbtb:axTlApohBV1S0usWchkSTLLDDt
                                                                                                                                                                                                        MD5:2BAAA98B744915339AE6C016B17C3763
                                                                                                                                                                                                        SHA1:483C11673B73698F20CA2FF0748628C789B4DC68
                                                                                                                                                                                                        SHA-256:4F1CE205C2BE986C9D38B951B6BCB6045EB363E06DACC069A41941F80BE9068C
                                                                                                                                                                                                        SHA-512:2AE8DF6E764C0813A4C9F7AC5A08E045B44DAAC551E8FF5F8AA83286BE96AA0714D373B8D58E6D3AA4B821786A919505B74F118013D9FCD1EBC5A9E4876C2B5F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):120040
                                                                                                                                                                                                        Entropy (8bit):5.921989765012805
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:SHcKPoHQUCFN1KQDCVPJGltBfrShpl7PFIABPI:ShP0ChjCxJGl3frSVzo
                                                                                                                                                                                                        MD5:79F339753DC8954B8EB45FE70910937E
                                                                                                                                                                                                        SHA1:3AD1BF9872DC779F32795988EB85C81FE47B3DD4
                                                                                                                                                                                                        SHA-256:35CDD122679041EBEF264DE5626B7805F3F66C8AE6CC451B8BC520BE647FA007
                                                                                                                                                                                                        SHA-512:21E567E813180ED0480C4B21BE3E2E67974D8D787E663275BE054CEE0A3F5161FC39034704DBD25F1412FEB021D6A21B300A32D1747DEE072820BE81B9D9B753
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):247528
                                                                                                                                                                                                        Entropy (8bit):6.5130349256035975
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:xJADMQRl2npdNqRb8o+wmxYk29qWMa3pLW1ALH+4t4g3:IDMQ2Nqi02/U/+g3
                                                                                                                                                                                                        MD5:1CDD7239FC63B7C8A2E2BC0A08D9EA76
                                                                                                                                                                                                        SHA1:85EF6F43BA1343B30A223C48442A8B4F5254D5B0
                                                                                                                                                                                                        SHA-256:384993B2B8CFCBF155E63F0EE2383A9F9483DE92AB73736FF84590A0C4CA2690
                                                                                                                                                                                                        SHA-512:BA4E19E122F83D477CC4BE5E0DEA184DAFBA2F438A587DD4F0EF038ABD40CB9CDC1986EE69C34BAC3AF9CF2347BEA137FEEA3B82E02CCA1A7720D735CEA7ACDA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):59112
                                                                                                                                                                                                        Entropy (8bit):6.088455033709072
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:13RNYlTw3glkXa/bNnVXP5ZV17reFyPXS9aEyp6fZIAYIPVDG4ywh2:2TRiXa/bNFLVFPXS93fZIAYI3yz
                                                                                                                                                                                                        MD5:CFB9E0A73A6C9D6D35C2594E52E15234
                                                                                                                                                                                                        SHA1:B86042C96F2CE6D8A239B7D426F298A23DF8B3B9
                                                                                                                                                                                                        SHA-256:50DAEB3985302A8D85CE8167B0BF08B9DA43E7D51CEAE50E8E1CDFB0EDF218C6
                                                                                                                                                                                                        SHA-512:22A5FD139D88C0EEE7241C5597D8DBBF2B78841565D0ED0DF62383AB50FDE04B13A203BDDEF03530F8609F5117869ED06894A572F7655224285823385D7492D2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):153320
                                                                                                                                                                                                        Entropy (8bit):6.800724697808258
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:3o6xxrSqs+vs0H0q8bnpbVDbX5AyYCznfo9mNomenNjc3KBIAD15:3o6DrScRLCV3twYOmUQKt
                                                                                                                                                                                                        MD5:5A77A1E70E054431236ADB9E46F40582
                                                                                                                                                                                                        SHA1:BE4A8D1618D3AD11CFDB6A366625B37C27F4611A
                                                                                                                                                                                                        SHA-256:F125A885C10E1BE4B12D988D6C19128890E7ADD75BAA935FE1354721AA2DEA3E
                                                                                                                                                                                                        SHA-512:3C14297A1400A93D1A01C7F8B4463BFD6BE062EC08DAAF5EB7FCBCDE7F4FA40AE06E016FF0DE16CB03B987C263876F2F437705ADC66244D3EE58F23D6BF7F635
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):29928
                                                                                                                                                                                                        Entropy (8bit):6.073847763367447
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:PSZtryImJxGC+sPDnrJIAAtDfDG4yKYh/:qLrUJsC+sPDnrJIAAtD5yKy
                                                                                                                                                                                                        MD5:FCE357F864A558C03ED17755F87D0E30
                                                                                                                                                                                                        SHA1:B74ECB2BEE03A8FF209F52F652C011F28D5AE4D0
                                                                                                                                                                                                        SHA-256:000486AAAC9DD21E88B3DC65FD854DD83519B1FBCC224A70530BC3EC8CBD1A5D
                                                                                                                                                                                                        SHA-512:564DEA2BF3410011A76CA5EA376DBA3EC9B2D03FD25248824F6C956FA5EA061C1A9EE6F6B65B021EA5BF9CC5E3AB9C6FCF4779446B920891A2C0979BBC57D58B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):27376
                                                                                                                                                                                                        Entropy (8bit):6.111826139660432
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:ztfqkQfrUC+qFYS9F6N76r1PSMYpKnHgEFIAmUJDG4y8YSNhJl:zOrUC+Us6r1PSMjFFIAmUJDG4y4hP
                                                                                                                                                                                                        MD5:C9EE37E9F3BFFD296ADE10A27C7E5B50
                                                                                                                                                                                                        SHA1:B7EEE121B2918B6C0997D4889CFF13025AF4F676
                                                                                                                                                                                                        SHA-256:9ECEC72C5FE3C83C122043CAD8CEB80D239D99D03B8EA665490BBCED183CE42A
                                                                                                                                                                                                        SHA-512:C63BB1B5D84D027439AF29C4827FA801DF3A2F3D5854C7C79789CAD3F5F7561EB2A7406C6F599D2AC553BC31969DC3FA9EEF8648BED7282FBC5DC3FB3BA4307F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):74472
                                                                                                                                                                                                        Entropy (8bit):6.119165103878181
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:LmtpT7zWHzDfLrAe9/s+S+pBm/es6FIABwNyi:qTnzWzrAe9/sT+pBm/X6FIABwp
                                                                                                                                                                                                        MD5:5DD51579FA9B6A06336854889562BEC0
                                                                                                                                                                                                        SHA1:99C0ED0A15ED450279B01D95B75C162628C9BE1D
                                                                                                                                                                                                        SHA-256:3669E56E99AE3A944FBE7845F0BE05AEA96A603717E883D56A27DC356F8C2F2C
                                                                                                                                                                                                        SHA-512:7AA6C6587890AE8C3F9A5E97EBDE689243AC5B9ABB9B1E887F29C53EEF99A53E4B4EC100C03E1C043E2F0D330E7AF444C3CA886C9A5E338C2EA42AAACAE09F3E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):93416
                                                                                                                                                                                                        Entropy (8bit):6.082968229829419
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:6WRj/57JzRFSbiSBYNdS4JkFTH57GlrpD5T82SXEv/cttngyB+HmTq0eZIAYQikX:bRj51g7YNwIkpHsfD5Q2SXttgyB4zZII
                                                                                                                                                                                                        MD5:6486E5C8512BDDC5F5606D11FE8F21E0
                                                                                                                                                                                                        SHA1:650861B2C4A1D6689FF0A49BB916F8FF278BB387
                                                                                                                                                                                                        SHA-256:728D21BE4D47DD664CAF9FA60C1369FE059BC0498EDD383B27491D0DEE23E439
                                                                                                                                                                                                        SHA-512:F2C9267A3CAB31190079037E3CC5614F19C1235852454708C4978008EA9DA345892191750980AEBC809CC83DD1F5788B60F8CF39A6A41623210C96AF916D1821
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):155880
                                                                                                                                                                                                        Entropy (8bit):5.928662213847181
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:wYb/EGIexVYBgWHaCJaLuJ3TE8sOGH70NmHh4kwooSLteSdo9QBIAM73:wY7jIexVYKUazuJMOADtho9QO
                                                                                                                                                                                                        MD5:11C5008E0BA2CAA8ADF7452F0AAAFD1E
                                                                                                                                                                                                        SHA1:764B33B749E3DA9E716B8A853B63B2F7711FCC7C
                                                                                                                                                                                                        SHA-256:BF63F44951F14C9D0C890415D013276498D6D59E53811BBE2FA16825710BEA14
                                                                                                                                                                                                        SHA-512:FCEB022D8694BCE6504D6B64DE4596E2B8252FC2427EE66300E37BCFF297579CC7D32A8CB8F847408EAA716CB053E20D53E93FBD945E3F60D58214E6A969C9DD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20712
                                                                                                                                                                                                        Entropy (8bit):6.192560804933009
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:tvEaNKFDyLnM5BIADwQDuDG4y8i1Iah7PR0:tTNK4LM5BIADwiuDG4yNh7Z0
                                                                                                                                                                                                        MD5:AEEAD50876DDB63CB8E882989041D7DA
                                                                                                                                                                                                        SHA1:C9BF23227CED84D39BD33665444DE3E9064315C6
                                                                                                                                                                                                        SHA-256:C74AAEEC487457139B47C0AB56E01922BFAE6DEBEF562800E5B9B6BAF1EC9D6A
                                                                                                                                                                                                        SHA-512:74C8FE6CFD67E1984A2DF9BD998AE363519DE16B5840CABBA01660154FBEAC92E2C773ECC2884D531362E8A0B739673C44F450C1BEA05CA33EEF58A8E61BC2CA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):878682
                                                                                                                                                                                                        Entropy (8bit):5.684379151192553
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:LVghgWWy4C6Sdc7bA4a2Yqo3Vw9sfJEunw7SDQNh:LVgh1V4FLa2D2Vw9sfJEunNQNh
                                                                                                                                                                                                        MD5:4BB4E9FBD23477BA38E3D18636483678
                                                                                                                                                                                                        SHA1:C76C5FBD15104F2800400205EF7925E36D59D88A
                                                                                                                                                                                                        SHA-256:12851C5F8D56BF0B22C4693180CA630F13D5BE7BDEA5E1E3FC0B012269A69AC9
                                                                                                                                                                                                        SHA-512:7AAD6A4C4C252E53DDF4F7999638726B2C479457E553042351DA70BF110C5BF72B09B56276DD0B8F63896738556FA30E2D658574A3A1B53A25F4005264201CF6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):294769
                                                                                                                                                                                                        Entropy (8bit):6.047057219398099
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:QW1x/M8fRRiplkXURrVADwYCuCCgT/Q5MSRqNb7d84u5Nahx:QWb/TRiLWURrId5MWavdX08/
                                                                                                                                                                                                        MD5:52A8319281308DE49CCEF4850A7245BC
                                                                                                                                                                                                        SHA1:43D20D833B084454311CA9B00DD7595C527CE3BB
                                                                                                                                                                                                        SHA-256:807897254F383A27F45E44F49656F378ABAB2141EDE43A4AD3C2420A597DD23F
                                                                                                                                                                                                        SHA-512:2764222C0CD8C862906AC0E3E51F201E748822FE9CE9B1008F3367FDD7F0DB7CC12BF86E319511157AF087DD2093C42E2D84232FAE023D35EE1E425E7C43382D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                        Entropy (8bit):4.825419221995283
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:ij0fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFPCQAASmAolyc8H4ao:AFCk2z1/t12iwU5usJFLCyuoccg
                                                                                                                                                                                                        MD5:90245EDD2E2D307C3BF7DF4E4A30E142
                                                                                                                                                                                                        SHA1:06952B19180F687536F27DFB8BD69225AEDBED72
                                                                                                                                                                                                        SHA-256:7EDF019905C36CF7D81CFE1B5F5EEF1365AE118CBBA4138396247C9ACF93E813
                                                                                                                                                                                                        SHA-512:7B8B517EAEF6D662D7A2342B2E0867E79C0BE903623910BC049C157CADB97043989F949B64FEEF289BB05683777A1714841955507362C462FB5A73B3A2E2D420
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):122880
                                                                                                                                                                                                        Entropy (8bit):5.908689578930274
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:TCIe0EsYCJ9lJNirv/ZlKwXy4AwhD6fUzJJfb8AbvO6q7OaOUz6DLQHxp:2IeCXTirv/Z0wXpAwh3z8DyUz0LQH
                                                                                                                                                                                                        MD5:46338AEC32AA676C3C82A39F41EBD66B
                                                                                                                                                                                                        SHA1:49212A95F46637149DD5904B33F5D714638A2F9E
                                                                                                                                                                                                        SHA-256:09056D560486A2368A917B2D476A453AF1B885C4D98E45AC80F8BA61C0DFF824
                                                                                                                                                                                                        SHA-512:8360F6B32152FBEE1CA4587317931FDDDC128EC2F33365CD3D2ACB2B5CB6331E37BF07FDFE9E2AA997DA774047D89871C331E3BA1024089A2D6F2DFC5567EF9B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4
                                                                                                                                                                                                        Entropy (8bit):1.5
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:Mn:M
                                                                                                                                                                                                        MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                        SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                        SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                        SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:pip.
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5724
                                                                                                                                                                                                        Entropy (8bit):5.120429897887076
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:DlkQIUQIhQIKQILbQIRIaMPktjaVMxsxA2ncEvGDfe0HEdwGArNZG0JQTQCQx5Kw:dcPuPwsrcEvGDfe0HENA5w0JQTQ9x59H
                                                                                                                                                                                                        MD5:526D9AC9D8150602EC9ED8B9F4DE7102
                                                                                                                                                                                                        SHA1:DBA2CB32C21C4B0F575E77BBCDD4FA468056F5E3
                                                                                                                                                                                                        SHA-256:D95F491ED418DC302DB03804DAF9335CE21B2DF4704587E6851EF03E1F84D895
                                                                                                                                                                                                        SHA-512:FB13A2F6B64CB7E380A69424D484FC9B8758FA316A7A155FF062BFDACDCA8F2C5D2A03898CD099688B1C16A5A0EDCECFC42BF0D4D330926B10C3FCE9F5238643
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Metadata-Version: 2.3.Name: cryptography.Version: 44.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16380
                                                                                                                                                                                                        Entropy (8bit):5.58935582120211
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:hXr1We/l45jEVeK6tkhX/v4WJr6W51HepPNIq+NX6ih5VBUqw8q:hXzlMEVdX/9Jr6W51HepPN/+96ihI8q
                                                                                                                                                                                                        MD5:F15EF7175220C9F59F90BBBAEDA16DBD
                                                                                                                                                                                                        SHA1:5367CAC8814D7A54E1C0274FF3F651ED5C6FE5D6
                                                                                                                                                                                                        SHA-256:04DB3839C853D4164576122B7D5A2BAB186536DC8F9A4980385E11CF59946114
                                                                                                                                                                                                        SHA-512:BB0FA967E03D98B9611006DF2155BD8AD58A0E8B1A679D636B94CE931D316F18B61B801E018DECA90D8E5A35FA744AE8C9E1A36F25C791052008C43AF53A8117
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:cryptography-44.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-44.0.0.dist-info/METADATA,sha256=2V9JHtQY3DAtsDgE2vkzXOIbLfRwRYfmhR7wPh-E2JU,5724..cryptography-44.0.0.dist-info/RECORD,,..cryptography-44.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-44.0.0.dist-info/WHEEL,sha256=Hn9bytZpOGoR6M4U5xUTHC1AJpPD9B1xPrM4STxljEU,94..cryptography-44.0.0.dist-info/licenses/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-44.0.0.dist-info/licenses/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-44.0.0.dist-info/licenses/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=fcUqF1IcadxBSH0us1vCvob0OJOrPV3h30yZD8wsHo4,445..cryptography/__init__.py,sha256=XsRL_PxbU6UgoyoglAgJQSrJCP97ovBA8YIEQ2-uI68,762..cryptography/__pycache__/__about__.cpython-310.pyc,,..cryptography/__pycache__/__init__.cpython-310
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):94
                                                                                                                                                                                                        Entropy (8bit):5.0373614967294325
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:RtEeX5pG6vhP+tkKciH/KQb:RtvoKWKTQb
                                                                                                                                                                                                        MD5:A868F93FCF51C4F1C25658D54F994349
                                                                                                                                                                                                        SHA1:535C88A10911673DEABB7889D365E81729E483A6
                                                                                                                                                                                                        SHA-256:1E7F5BCAD669386A11E8CE14E715131C2D402693C3F41D713EB338493C658C45
                                                                                                                                                                                                        SHA-512:EC13CAC9DF03676640EF5DA033E8C2FAEE63916F27CC27B9C43F0824B98AB4A6ECB4C8D7D039FA6674EF189BDD9265C8ED509C1D80DFF610AEB9E081093AEB3D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Wheel-Version: 1.0.Generator: maturin (1.7.5).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):197
                                                                                                                                                                                                        Entropy (8bit):4.61968998873571
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                        MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                        SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                        SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                        SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11360
                                                                                                                                                                                                        Entropy (8bit):4.426756947907149
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                        MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                        SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                        SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                        SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1532
                                                                                                                                                                                                        Entropy (8bit):5.058591167088024
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                        MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                        SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                        SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                        SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8292864
                                                                                                                                                                                                        Entropy (8bit):6.493076254122072
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:Y4sf3zg+qUuQdPJMqYLSxuBLZqwt0kDO+5+O:cdeqYLSxuBLZrGjq+
                                                                                                                                                                                                        MD5:34293B976DA366D83C12D8EE05DE7B03
                                                                                                                                                                                                        SHA1:82B8EB434C26FCC3A5D9673C9B93663C0FF9BF15
                                                                                                                                                                                                        SHA-256:A2285C3F2F7E63BA8A17AB5D0A302740E6ADF7E608E0707A7737C1EC3BD8CECC
                                                                                                                                                                                                        SHA-512:0807EC7515186F0A989BB667150A84FF3BEBCC248625597BA0BE3C6F07AD60D70CF8A3F65191436EC16042F446D4248BF92FCD02212E459405948DB10F078B8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3429624
                                                                                                                                                                                                        Entropy (8bit):6.093870626224665
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:6uTKuk2i4IU6ixsOjPWJJrf129Pr1+leV6E3AH/vgpdbZ/NPL0asQa1CPwDv3uF3:6XH+n9Z+1obZ/10asv1CPwDv3uFfJLx
                                                                                                                                                                                                        MD5:63C4F445B6998E63A1414F5765C18217
                                                                                                                                                                                                        SHA1:8C1AC1B4290B122E62F706F7434517077974F40E
                                                                                                                                                                                                        SHA-256:664C3E52F914E351BB8A66CE2465EE0D40ACAB1D2A6B3167AE6ACF6F1D1724D2
                                                                                                                                                                                                        SHA-512:AA7BDB3C5BC8AEEFBAD70D785F2468ACBB88EF6E6CAC175DA765647030734453A2836F9658DC7CE33F6FFF0DE85CB701C825EF5C04018D79FA1953C8EF946AFD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32792
                                                                                                                                                                                                        Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                        MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                        SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                        SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                        SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):695032
                                                                                                                                                                                                        Entropy (8bit):5.528361289023932
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:EwIGh2Hjnl6uk51iNXuAX7TBElV57sldbeMR29XxSNreSZYrRnU2lvzsT:Uk51iNZyMR+keSZ6U2lvzsT
                                                                                                                                                                                                        MD5:BD857F444EBBF147A8FCD1215EFE79FC
                                                                                                                                                                                                        SHA1:1550E0D241C27F41C63F197B1BD669591A20C15B
                                                                                                                                                                                                        SHA-256:B7C0E42C1A60A2A062B899C8D4EBD0C50EF956177BA21785CE07C517C143AEAF
                                                                                                                                                                                                        SHA-512:2B85C1521EDEADF7E118610D6546FAFBBAD43C288A7F0F9D38D97C4423A541DFAC686634CDE956812916830FBB4AAD8351A23D95CD490C4A5C0F628244D30F0A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):191720
                                                                                                                                                                                                        Entropy (8bit):6.322506643675763
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:gUV1H8tt/Z6dhxQMOJzr9JuB9OVqjxCXRTWiTayyXsflyOCiXOgeDpSRP4kFIABQ:BVGtkdhAr9JuB0VTTV9yXsfo+o
                                                                                                                                                                                                        MD5:983D8E003E772E9C078FAAD820D14436
                                                                                                                                                                                                        SHA1:1C90AD33DC4FECBDEB21F35CA748AA0094601C07
                                                                                                                                                                                                        SHA-256:E2146BED9720EB94388532551444F434D3195310FA7BD117253E7DF81A8E187E
                                                                                                                                                                                                        SHA-512:E7F0FD841C41F313C1782331C0F0AA35E1D8BA42475D502D08C3598A3AAEFD400179C19613941CDFAD724ECA067DD1B2F4C2F1E8A1D6F70EEB29F7B2213E6500
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):61680
                                                                                                                                                                                                        Entropy (8bit):5.923759574558729
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:ek8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJqe:ekwewnvtjnsfwGFIAB0hy
                                                                                                                                                                                                        MD5:A5471F05FD616B0F8E582211EA470A15
                                                                                                                                                                                                        SHA1:CB5F8BF048DC4FC58F80BDFD2E04570DBEF4730E
                                                                                                                                                                                                        SHA-256:8D5E09791B8B251676E16BDD66A7118D88B10B66AD80A87D5897FADBEFB91790
                                                                                                                                                                                                        SHA-512:E87D06778201615B129DCF4E8B4059399128276EB87102B5C3A64B6E92714F6B0D5BDE5DF4413CC1B66D33A77D7A3912EAA1035F73565DBFD62280D09D46ABFF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4450544
                                                                                                                                                                                                        Entropy (8bit):6.458222828027988
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:+RYsIZfypUacEN7z1NR6JYL911cdl40pPQKE30tBuQS6BqL902zJAysI6maHmbM9:YYsI5xKZ4JxsvAI6xHEMb5Hs9d
                                                                                                                                                                                                        MD5:384349987B60775D6FC3A6D202C3E1BD
                                                                                                                                                                                                        SHA1:701CB80C55F859AD4A31C53AA744A00D61E467E5
                                                                                                                                                                                                        SHA-256:F281C2E252ED59DD96726DBB2DE529A2B07B818E9CC3799D1FFA9883E3028ED8
                                                                                                                                                                                                        SHA-512:6BF3EF9F08F4FC07461B6EA8D9822568AD0A0F211E471B990F62C6713ADB7B6BE28B90F206A4EC0673B92BAE99597D1C7785381E486F6091265C7DF85FF0F9B5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):669184
                                                                                                                                                                                                        Entropy (8bit):6.038501106256027
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:Z0t/kfQ/Uylo3H6J6vEGOIWGe3PVpdYqWMA:6t/kf1ylo33vp9KPFP
                                                                                                                                                                                                        MD5:3B8B8691D5E5E80F54548A7E210D4339
                                                                                                                                                                                                        SHA1:064C6BCDFAEF6662F3C1B243C1AA9AA8DAB520BB
                                                                                                                                                                                                        SHA-256:007DF83330975B9A70F1700CC6DF11286D14D06987BE75D4B0B05452CB7B84F1
                                                                                                                                                                                                        SHA-512:BA67915000A00B4A56F34A5035863228F3253004BB8B669DFF08848483D8D05CCE41E535A7142C18620E4F9F7BA85DA19F965D1B67DEC2B64F6296F34DD06638
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):134656
                                                                                                                                                                                                        Entropy (8bit):5.995301814533339
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:MBdf5t5cspEpc/1utS9DNbtt1Y/r06Yrmu30mpEGNwX9iuu:MBdf5t5c/pW7nY/rk6y0mpEowX9i
                                                                                                                                                                                                        MD5:C873CF87068A45FB47993AF23D8A3E12
                                                                                                                                                                                                        SHA1:96A26436F22E3431D25661CEA7E5C2BCF3C7EE51
                                                                                                                                                                                                        SHA-256:3813FC39304F64101E99F2C5378C0A72B784EFCAEA695FFEEDE5FF6EA06F097B
                                                                                                                                                                                                        SHA-512:95975E39ECD6C60FFE0B973BAB9B5AE8C7B129EEDCEBCFE142EE2550C11385388CBCAFBF3CAA055E0A521D322948476C736FEDD473EB0C9BB5B3FCF4CEF311BD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):25840
                                                                                                                                                                                                        Entropy (8bit):6.184647213244152
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:XPjk/7e12hwheCZHqh1BeshphFIAmGcDG4y8JAgwhp:fUC2hwh9Hq3rHhFIAmGcDG4yMwh
                                                                                                                                                                                                        MD5:78D421A4E6B06B5561C45B9A5C6F86B1
                                                                                                                                                                                                        SHA1:C70747D3F2D26A92A0FE0B353F1D1D01693929AC
                                                                                                                                                                                                        SHA-256:F1694CE82DA997FAA89A9D22D469BFC94ABB0F2063A69EC9B953BC085C2CB823
                                                                                                                                                                                                        SHA-512:83E02963C9726A40CD4608B69B4CDF697E41C9EEDFB2D48F3C02C91500E212E7E0AB03E6B3F70F42E16E734E572593F27B016B901C8AA75F674B6E0FBB735012
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4
                                                                                                                                                                                                        Entropy (8bit):1.5
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:Mn:M
                                                                                                                                                                                                        MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                        SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                        SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                        SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:pip.
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1050
                                                                                                                                                                                                        Entropy (8bit):5.072538194763298
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1rmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:1aJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                                        MD5:7A7126E068206290F3FE9F8D6C713EA6
                                                                                                                                                                                                        SHA1:8E6689D37F82D5617B7F7F7232C94024D41066D1
                                                                                                                                                                                                        SHA-256:DB3F0246B1F9278F15845B99FEC478B8B506EB76487993722F8C6E254285FAF8
                                                                                                                                                                                                        SHA-512:C9F0870BC5D5EFF8769D9919E6D8DDE1B773543634F7D03503A9E8F191BD4ACC00A97E0399E173785D1B65318BAC79F41D3974AE6855E5C432AC5DACF8D13E8A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Copyright Jason R. Coombs..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTW
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4908
                                                                                                                                                                                                        Entropy (8bit):5.0861617176323435
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:DpsYyJAm4a113Nr1uCDIGSwMHodIDvVnddPnzQDiHNU4o7POX7FwTtPMk:dQdrMYIGSwMHodIDvBdBn77FwTJ
                                                                                                                                                                                                        MD5:36BE36BE5EC1F5B5843A30038F034434
                                                                                                                                                                                                        SHA1:B903344823DBD9176774D5EA17F8513C3C8CFF01
                                                                                                                                                                                                        SHA-256:518DD6D71AC1743D85CE3CD8C692A58611340BC4A55DDEE4D0DF1C0921D613D5
                                                                                                                                                                                                        SHA-512:509B79F3DD004A4C4B12CE16271CF89BD2AEAEBFA48F862922D650AF469F80599C305FE185B9AA6A7A129427A0BD293B085587624E4A7EA799393101B1B6E2C6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Metadata-Version: 2.1.Name: setuptools.Version: 57.4.0.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.License: UNKNOWN.Project-URL: Documentation, https://setuptools.readthedocs.io/.Keywords: CPAN PyPI distutils eggs package management.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: Topic :: System :: Systems Administration.Classifier: Topic :: Utilities.Requires-Python: >=3.6.License-File: LICENSE.Provides-Extra: certs.Provides-Extra: docs.Requires-Dist: sphinx ; extra == 'doc
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):23214
                                                                                                                                                                                                        Entropy (8bit):5.587143938943948
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:dnz9AWSogahtKJwQjIbwA+h4gcWmdcYcvX6Y/KUtWD3yCjhZDP1z39L1:ddxcFiUtMiCj3p39L1
                                                                                                                                                                                                        MD5:E27F2E80BF17B029DF1BD79A29045D8A
                                                                                                                                                                                                        SHA1:AB0C2AC3E32B7AD1570A65CD3DC02284A7C99F7F
                                                                                                                                                                                                        SHA-256:F21F239121DB547655371DDE814E349B3912553C18F8FF6D5214E633E09D900D
                                                                                                                                                                                                        SHA-512:6948EEA34B8AAF9DB645BE2EE7ACDC987734A474980732F30CE2FE310D060B78180A663EE75D05877A42C2C053FD081294F65EE936A7D34C503FDE1D02182B8A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:_distutils_hack/__init__.py,sha256=X3RUiA6KBPoEmco_CjACyltyQbFRGVUpZRAbSkPGwMs,3688.._distutils_hack/__pycache__/__init__.cpython-310.pyc,,.._distutils_hack/__pycache__/override.cpython-310.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=fqf_7z_ioRfuEsaO1lU2F_DX_S8FkCV8JcSElZo7c3M,152..pkg_resources/__init__.py,sha256=P3PNN3_m8JJrYMp-i-Sq-3rhK5vuViqqjn1UXKHfe7Q,108202..pkg_resources/__pycache__/__init__.cpython-310.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-310.pyc,,..pkg_resources/_vendor/__pycache__/appdirs.cpython-310.pyc,,..pkg_resources/_vendor/__pycache__/pyparsing.cpython-310.pyc,,..pkg_resources/_vendor/appdirs.py,sha256=MievUEuv3l_mQISH5SF0shDk_BNhHHzYiAPrT3ITN4I,24701..pkg_resources/_vendor/packaging/__about__.py,sha256=PNMsaZn4UcCHyubgROH1bl6CluduPjI5kFrSp_Zgklo,736..pkg_resources/_vendor/packaging/__
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):92
                                                                                                                                                                                                        Entropy (8bit):4.842566724466667
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCfA5S:RtBMwlViQWBBf
                                                                                                                                                                                                        MD5:11AA48DBE7E7CC631B11DD66DC493AEB
                                                                                                                                                                                                        SHA1:249FDB01AD3E3F71356E33E1897D06F23CFB20C2
                                                                                                                                                                                                        SHA-256:3AA464174798E461ECB0CA2B16395B4C8AB4EF6BE91E917AD1F21003A952F710
                                                                                                                                                                                                        SHA-512:EDD5892C9B2FE1F2439C53D2CD05F4478EC360885054BD06AFCF7936F6D066377FEE07796DAE9ECDF810E3D6100E039CAD48F00AD0E3145693D53E844CC5319D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2869
                                                                                                                                                                                                        Entropy (8bit):4.534411891756618
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:l9Zvy3g6yj+DsmnA540rZh2Phv4hhpTSeToq:xPAorZoP94hTTSecq
                                                                                                                                                                                                        MD5:629278048EF5BF7880A43409D136981D
                                                                                                                                                                                                        SHA1:04BC1062E0800A8570F1C81751B734E81FA9BBCB
                                                                                                                                                                                                        SHA-256:96478968ADB5BE5B92DB2ECC7E63BFB5B2D88E1F2F6990E066CC33538243F608
                                                                                                                                                                                                        SHA-512:31EB224235746AAFD44FEB872A5743FBED78F2B21317C81A31E5CFB076E67378518C32E09EB92DC5D52BB9863F322924B21F17A636EBDAA4AF027FE24D68D50F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.setopt = setuptools.command.setopt:setopt.test = setuptools.command.test:test.upload_docs = setuptools.comman
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                        Entropy (8bit):3.9115956018096876
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:3Wd+Nt8AfQYv:3Wd+Nttv
                                                                                                                                                                                                        MD5:789A691C859DEA4BB010D18728BAD148
                                                                                                                                                                                                        SHA1:AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249
                                                                                                                                                                                                        SHA-256:77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
                                                                                                                                                                                                        SHA-512:BC2F7CAAD486EB056CB9F68E6C040D448788C3210FF028397CD9AF1277D0051746CAE58EB172F9E73EA731A65B2076C6091C10BCB54D911A7B09767AA6279EF6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:_distutils_hack.pkg_resources.setuptools.
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1465072
                                                                                                                                                                                                        Entropy (8bit):6.573395442335468
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:kPrlPOhOZxO9hhvpPfRMtmJXRqGedEexiBgvLSHEpkz6FIVaPe+:k5POhOZxO9hhv15rJhqGegyLhpFIc
                                                                                                                                                                                                        MD5:7BB1D577405F1129FAF3EA0225C9D083
                                                                                                                                                                                                        SHA1:60472DE4B1C7A12468D79994D6D0D684C91091EF
                                                                                                                                                                                                        SHA-256:831BA87CB1A91D4581F0ABBCC4966C6F4B332536F70CF481F609C44CC3D987C2
                                                                                                                                                                                                        SHA-512:33B1FD3A289193BFF168C967CAEBC0131732BD04562A770CF2EDAC602AB6D958F7BDE7A0E57BB125A7598852BDAC30F96D0DB46CB4A2460A61A0D914B011ED20
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1118448
                                                                                                                                                                                                        Entropy (8bit):5.371925569374372
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:t0lBMmuZ63N6QCb5Pfhnzr0ql8L8kdM7IRG5eeme6VZyrIBHdQLhfFE+uUs:ilBuVZV0m81MMREtV6Vo4uYUs
                                                                                                                                                                                                        MD5:A40FF441B1B612B3B9F30F28FA3C680D
                                                                                                                                                                                                        SHA1:42A309992BDBB68004E2B6B60B450E964276A8FC
                                                                                                                                                                                                        SHA-256:9B22D93F4DB077A70A1D85FFC503980903F1A88E262068DD79C6190EC7A31B08
                                                                                                                                                                                                        SHA-512:5F9142B16ED7FFC0E5B17D6A4257D7249A21061FE5E928D3CDE75265C2B87B723B2E7BD3109C30D2C8F83913134445E8672C98C187073368C244A476AC46C3EF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14848
                                                                                                                                                                                                        Entropy (8bit):5.113940315233747
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:RCm72PEO1jIUs0YqEcPbF55UgCWV4rofnDPQRD015dHvcqvn7ycIt/F/:RardA0Bzx14r6nDqCdhv+N/
                                                                                                                                                                                                        MD5:587C3A0118B8F7C92C6D66639A6D6815
                                                                                                                                                                                                        SHA1:4BF1F9B0F66BF0C9814B8355675E305959FFDE78
                                                                                                                                                                                                        SHA-256:8776152A8BC78F7D241788C2E31172814604ED88DC5FA7D10F7A5F649EF2AAAF
                                                                                                                                                                                                        SHA-512:0325611B4C17DFB4FC3E77D7CF4C0F394C1AA9420E70A6F8F0605D9B7C3FA3C34CE9142479A73FA111946D18ED1E0A9EE00E1378DDDED34D32F9CBDB2E0D738D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):132608
                                                                                                                                                                                                        Entropy (8bit):5.862449818315769
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:z3/yGM9FDwORzlpKHiG4jNvZNWlRVFhLaNzvqqQvmuquXRPDwle:D6J9pNRznKCG6NRIlRVgvqqQ4uXRP
                                                                                                                                                                                                        MD5:70F81DEC61A66E7656916034EEB53654
                                                                                                                                                                                                        SHA1:8739E1BF230B9834649F4DC45C4C42B49F96E5E2
                                                                                                                                                                                                        SHA-256:250CAC5963EB40FC9DFCB1205D9D3CA3E7A0E49C5863B7736D8D4DCB75E3E45E
                                                                                                                                                                                                        SHA-512:39C72DAACECB54BE8E8088038CA9A1629356C6E4B5D723CC2C01E987C848AF97A762A5B16E5020D8BD0FC0B98D0B899621EE9DC3B86A99A45FA537FE1D3AC117
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):23552
                                                                                                                                                                                                        Entropy (8bit):5.278083154463425
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:4eeH8ZmV+zknwMswDuVQO0T8Dmwel2/QE9BfEA45yn9uku1B+:E+zi/uVQZQ/QE9dcUiB
                                                                                                                                                                                                        MD5:A9FA0D374A60D11D2C787A2E6BFC975D
                                                                                                                                                                                                        SHA1:1D085C6242C9E56ED05E27355B4444979A2C56CD
                                                                                                                                                                                                        SHA-256:48F49C4B575042A5BE98A7291CE91FE56B89B368608E6B12DACA3A6F9CB2DD55
                                                                                                                                                                                                        SHA-512:52EF5B9D9AAC9D511A2DDF87F4E213877A7C01241A67A09FDC8AE572DB2BCFAC86692D1EF22D29D1ED469A1251F139B74FAF998A1D801925099F296C8368B2A0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):534528
                                                                                                                                                                                                        Entropy (8bit):6.1711213337115405
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:xLf6Z7NtZXLd50J68K7rJZcblgyRCcynKEHnHyzNQMfxaZQufAHqa/IBf7J:xLCZ7NtZ5aJ68EowcRzHfxo9Bf7J
                                                                                                                                                                                                        MD5:E4E10AB85AC3E4BC87E3E8A54AF835BE
                                                                                                                                                                                                        SHA1:5B38DF52339D6DD09519C983ADE87DF6CABC21F8
                                                                                                                                                                                                        SHA-256:6148E9F3AF597A18E7BC89188C878008B6548A95EFDC2F9F3B6A7CD7B9C572A0
                                                                                                                                                                                                        SHA-512:C2B6EE97AAD6F05235AD7322ECB40CD9EE390FBFC51110E725F2D06C0288BC4395D24210F0337520706F36F0C493A96D00AC728CA99437CE98D02990C3D7F469
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Entropy (8bit):7.996054152379608
                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                        • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                        • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                        File name:builded.exe
                                                                                                                                                                                                        File size:17'318'617 bytes
                                                                                                                                                                                                        MD5:16a4f448219d7e20a80612d03a0a0f5c
                                                                                                                                                                                                        SHA1:4e86a64e2d2df2b6303cc0bcfae8d2feab157e03
                                                                                                                                                                                                        SHA256:c897f350c048329e77eae707fcf6ee75a6a18d75068927005ee1e8450009b394
                                                                                                                                                                                                        SHA512:49fec18937cf61b18673a7cda00dd23d1e5e449af6450c7a13f7e7ad9074a5350ca8cceded8aa317996ca002d866de4354043d7d47434d677fbdfde719d123d5
                                                                                                                                                                                                        SSDEEP:393216:U9Yi2Vlj87dPCt32Iywq3Obs2ClFInEroXq14S2in8hAZk18kArQKuBN:U9Yi2Vl8ZKt32Iywq3ObRqOErUlQfSe0
                                                                                                                                                                                                        TLSH:32073310BEA458FFD6B7593E8535C02891E1BC214BD0C66F27AC922A5FEB2D0BE34D41
                                                                                                                                                                                                        Icon Hash:4a464cd47461e179
                                                                                                                                                                                                        Entrypoint:0x14000ce20
                                                                                                                                                                                                        Entrypoint Section:.text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x6786EBD7 [Tue Jan 14 22:57:27 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 72c4e339b7af8ab1ed2eb3821c98713a

Instruction
dec eax
sub esp, 28h
call 00007F09C4C9C22Ch
dec eax
add esp, 28h
jmp 00007F09C4C9BE4Fh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
sub esp, 28h
call 00007F09C4C9C5F8h
test eax, eax
je 00007F09C4C9BFF3h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007F09C4C9BFD7h
dec eax
cmp ecx, eax
je 00007F09C4C9BFE6h
xor eax, eax
dec eax
cmpxchg dword ptr [0003570Ch], ecx
jne 00007F09C4C9BFC0h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007F09C4C9BFC9h
int3
int3
int3
dec eax
sub esp, 28h
test ecx, ecx
jne 00007F09C4C9BFD9h
mov byte ptr [000356F5h], 00000001h
call 00007F09C4C9B725h
call 00007F09C4C9CA10h
test al, al
jne 00007F09C4C9BFD6h
xor al, al
jmp 00007F09C4C9BFE6h
call 00007F09C4CA952Fh
test al, al
jne 00007F09C4C9BFDBh
xor ecx, ecx
call 00007F09C4C9CA20h
jmp 00007F09C4C9BFBCh
mov al, 01h
dec eax
add esp, 28h
ret
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [000356BCh], 00000000h
mov ebx, ecx
jne 00007F09C4C9C039h
cmp ecx, 01h
jnbe 00007F09C4C9C03Ch
call 00007F09C4C9C56Eh
test eax, eax
je 00007F09C4C9BFFAh
test ebx, ebx
jne 00007F09C4C9BFF6h
dec eax
lea ecx, dword ptr [000356A6h]
call 00007F09C4CA9322h

| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca34 | 0x78 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xf41c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2238 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x764 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x29f70 | 0x2a000 | b8c3814c5fb0b18492ad4ec2ffe0830a | False | 0.5518740699404762 | data | 6.489205819736506 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2b000 | 0x12a28 | 0x12c00 | fffe21ae57aa2d3079a9016c53ea29fc | False | 0.524296875 | data | 5.750798470810524 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x44000 | 0x2238 | 0x2400 | 9cd1eac931545f28ab09329f8bfce843 | False | 0.4697265625 | data | 5.2645170849678795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x47000 | 0xf41c | 0xf600 | 455788c285fcfdcb4008bc77e762818a | False | 0.803099593495935 | data | 7.5549760623589695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x57000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x47208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388 |
| RT_ICON | 0x480b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098 |
| RT_ICON | 0x48958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208 |
| RT_ICON | 0x48ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757 |
| RT_ICON | 0x523ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253 |
| RT_ICON | 0x54994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017 |
| RT_ICON | 0x55a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638 |
| RT_GROUP_ICON | 0x55ea4 | 0x68 | data | | | 0.7019230769230769 |
| RT_MANIFEST | 0x55f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857 |

| DLL | Import |
| --- | --- |
| USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW |
| COMCTL32.dll | |
| KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue |
| ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW |
| GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 15, 2025 10:01:13.127968073 CET | 49705 | 443 | 192.168.2.5 | 104.21.77.174
Jan 15, 2025 10:01:13.127990007 CET | 443 | 49705 | 104.21.77.174 | 192.168.2.5
Jan 15, 2025 10:01:13.128113031 CET | 49705 | 443 | 192.168.2.5 | 104.21.77.174
Jan 15, 2025 10:01:13.129054070 CET | 49705 | 443 | 192.168.2.5 | 104.21.77.174
Jan 15, 2025 10:01:13.129065037 CET | 443 | 49705 | 104.21.77.174 | 192.168.2.5
Jan 15, 2025 10:01:13.658318043 CET | 443 | 49705 | 104.21.77.174 | 192.168.2.5
Jan 15, 2025 10:01:13.658993959 CET | 49705 | 443 | 192.168.2.5 | 104.21.77.174
Jan 15, 2025 10:01:13.659003019 CET | 443 | 49705 | 104.21.77.174 | 192.168.2.5
Jan 15, 2025 10:01:13.661180019 CET | 443 | 49705 | 104.21.77.174 | 192.168.2.5
Jan 15, 2025 10:01:13.661262989 CET | 49705 | 443 | 192.168.2.5 | 104.21.77.174
Jan 15, 2025 10:01:13.662739038 CET | 49705 | 443 | 192.168.2.5 | 104.21.77.174
Jan 15, 2025 10:01:13.662950039 CET | 49705 | 443 | 192.168.2.5 | 104.21.77.174

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 15, 2025 10:01:13.098102093 CET | 51828 | 53 | 192.168.2.5 | 1.1.1.1
Jan 15, 2025 10:01:13.124876022 CET | 53 | 51828 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 15, 2025 10:01:13.098102093 CET | 192.168.2.5 | 1.1.1.1 | 0xf8d5 | Standard query (0) | webhook.my | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 15, 2025 10:01:13.124876022 CET | 1.1.1.1 | 192.168.2.5 | 0xf8d5 | No error (0) | webhook.my |  | 104.21.77.174 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 10:01:13.124876022 CET | 1.1.1.1 | 192.168.2.5 | 0xf8d5 | No error (0) | webhook.my |  | 172.67.210.157 | A (IP address) | IN (0x0001) | false

                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                        Start time:04:01:06
                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                        Path:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\builded.exe"
                                                                                                                                                                                                        Imagebase:0x7ff7a3b20000
                                                                                                                                                                                                        File size:17'318'617 bytes
                                                                                                                                                                                                        MD5 hash:16A4F448219D7E20A80612D03A0A0F5C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                        Start time:04:01:10
                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                        Path:C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\builded.exe"
                                                                                                                                                                                                        Imagebase:0x7ff7a3b20000
                                                                                                                                                                                                        File size:17'318'617 bytes
                                                                                                                                                                                                        MD5 hash:16A4F448219D7E20A80612D03A0A0F5C
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_CStealer, Description: Yara detected CStealer, Source: 00000002.00000002.2230768489.00000194031E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                        Start time:04:01:11
                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                        Imagebase:0x7ff6257f0000
                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                        Start time:04:01:11
                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:10.4%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                          Signature Coverage:17%
                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                          Total number of Limit Nodes:35
14 API calls 17079->17082 17085 7ff7a3b23ce0 17082->17085 17083 7ff7a3b23d4f 17086 7ff7a3b23d71 17083->17086 17087 7ff7a3b23d65 17083->17087 17090 7ff7a3b23c61 17085->17090 17091 7ff7a3b23ced 17085->17091 17089 7ff7a3b21c80 49 API calls 17086->17089 17423 7ff7a3b24620 17087->17423 17099 7ff7a3b23cc8 __vcrt_freefls 17089->17099 17093 7ff7a3b22710 54 API calls 17090->17093 17094 7ff7a3b21c80 49 API calls 17091->17094 17093->17105 17097 7ff7a3b23d0b 17094->17097 17095 7ff7a3b23dc4 17352 7ff7a3b29400 17095->17352 17097->17099 17100 7ff7a3b23d12 17097->17100 17099->17095 17101 7ff7a3b23da7 SetDllDirectoryW LoadLibraryExW 17099->17101 17103 7ff7a3b22710 54 API calls 17100->17103 17101->17095 17102 7ff7a3b23dd7 SetDllDirectoryW 17106 7ff7a3b23e0a 17102->17106 17147 7ff7a3b23e5a 17102->17147 17103->17105 17105->17031 17108 7ff7a3b28a20 14 API calls 17106->17108 17107 7ff7a3b23ffc 17110 7ff7a3b24029 17107->17110 17111 7ff7a3b24006 PostMessageW GetMessageW 17107->17111 17114 7ff7a3b23e16 __vcrt_freefls 17108->17114 17109 7ff7a3b23f1b 17357 7ff7a3b233c0 17109->17357 17500 7ff7a3b23360 17110->17500 17111->17110 17117 7ff7a3b23ef2 17114->17117 17121 7ff7a3b23e4e 17114->17121 17120 7ff7a3b28b30 40 API calls 17117->17120 17120->17147 17121->17147 17426 7ff7a3b26db0 17121->17426 17127 7ff7a3b26fb0 FreeLibrary 17135 7ff7a3b23e81 17138 7ff7a3b23ea2 17135->17138 17150 7ff7a3b23e85 17135->17150 17447 7ff7a3b26df0 17135->17447 17138->17150 17147->17107 17147->17109 17150->17147 17159 7ff7a3b39bd4 17158->17159 17160 7ff7a3b39bb3 17158->17160 19428 7ff7a3b3a448 17159->19428 17160->17004 17164 7ff7a3b2d339 17163->17164 17164->17012 17167 7ff7a3b2d011 17165->17167 17166 7ff7a3b2cdd0 17166->17003 17167->17166 17168 7ff7a3b2d8f8 7 API calls 17167->17168 17168->17166 17170 7ff7a3b2d1c2 _isindst memcpy_s 17169->17170 17171 7ff7a3b2d1e1 RtlCaptureContext RtlLookupFunctionEntry 17170->17171 17172 7ff7a3b2d20a RtlVirtualUnwind 17171->17172 17173 7ff7a3b2d246 memcpy_s 17171->17173 17172->17173 
17174 7ff7a3b2d278 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17173->17174 17175 7ff7a3b2d2c6 _isindst 17174->17175 17175->17000 17177 7ff7a3b2d90a 17176->17177 17178 7ff7a3b2d900 17176->17178 17177->17018 17182 7ff7a3b2dc94 17178->17182 17183 7ff7a3b2d905 17182->17183 17184 7ff7a3b2dca3 17182->17184 17186 7ff7a3b2dd00 17183->17186 17190 7ff7a3b2ded0 17184->17190 17187 7ff7a3b2dd2b 17186->17187 17188 7ff7a3b2dd0e DeleteCriticalSection 17187->17188 17189 7ff7a3b2dd2f 17187->17189 17188->17187 17189->17177 17194 7ff7a3b2dd38 17190->17194 17195 7ff7a3b2de22 TlsFree 17194->17195 17201 7ff7a3b2dd7c __vcrt_FlsAlloc 17194->17201 17196 7ff7a3b2ddaa LoadLibraryExW 17198 7ff7a3b2de49 17196->17198 17199 7ff7a3b2ddcb GetLastError 17196->17199 17197 7ff7a3b2de69 GetProcAddress 17197->17195 17198->17197 17200 7ff7a3b2de60 FreeLibrary 17198->17200 17199->17201 17200->17197 17201->17195 17201->17196 17201->17197 17202 7ff7a3b2dded LoadLibraryExW 17201->17202 17202->17198 17202->17201 17204 7ff7a3b3f4f0 17203->17204 17205 7ff7a3b3f543 17204->17205 17207 7ff7a3b3f596 17204->17207 17206 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17205->17206 17209 7ff7a3b3f56c 17206->17209 17513 7ff7a3b3f3c8 17207->17513 17209->17027 17521 7ff7a3b2c8c0 17210->17521 17213 7ff7a3b236eb GetLastError 17528 7ff7a3b22c50 17213->17528 17214 7ff7a3b23710 17523 7ff7a3b292f0 FindFirstFileExW 17214->17523 17218 7ff7a3b2377d 17554 7ff7a3b294b0 17218->17554 17219 7ff7a3b23723 17543 7ff7a3b29370 CreateFileW 17219->17543 17221 7ff7a3b2c5c0 _log10_special 8 API calls 17224 7ff7a3b237b5 17221->17224 17224->17105 17232 7ff7a3b21950 17224->17232 17225 7ff7a3b2378b 17228 7ff7a3b23706 17225->17228 17230 7ff7a3b22810 49 API calls 17225->17230 17226 7ff7a3b2374c __vcrt_FlsAlloc 17226->17218 17227 7ff7a3b23734 17546 7ff7a3b22810 17227->17546 17228->17221 17230->17228 17233 7ff7a3b245b0 108 API calls 17232->17233 17234 7ff7a3b21985 17233->17234 17235 7ff7a3b21c43 17234->17235 17237 
7ff7a3b27f80 83 API calls 17234->17237 17236 7ff7a3b2c5c0 _log10_special 8 API calls 17235->17236 17238 7ff7a3b21c5e 17236->17238 17239 7ff7a3b219cb 17237->17239 17238->17034 17238->17035 17281 7ff7a3b21a03 17239->17281 17899 7ff7a3b30744 17239->17899 17241 7ff7a3b300bc 74 API calls 17241->17235 17242 7ff7a3b219e5 17243 7ff7a3b21a08 17242->17243 17244 7ff7a3b219e9 17242->17244 17903 7ff7a3b3040c 17243->17903 17246 7ff7a3b34f78 _get_daylight 11 API calls 17244->17246 17247 7ff7a3b219ee 17246->17247 17906 7ff7a3b22910 17247->17906 17250 7ff7a3b21a26 17252 7ff7a3b34f78 _get_daylight 11 API calls 17250->17252 17251 7ff7a3b21a45 17255 7ff7a3b21a5c 17251->17255 17256 7ff7a3b21a7b 17251->17256 17253 7ff7a3b21a2b 17252->17253 17254 7ff7a3b22910 54 API calls 17253->17254 17254->17281 17258 7ff7a3b34f78 _get_daylight 11 API calls 17255->17258 17257 7ff7a3b21c80 49 API calls 17256->17257 17260 7ff7a3b21a92 17257->17260 17259 7ff7a3b21a61 17258->17259 17261 7ff7a3b22910 54 API calls 17259->17261 17262 7ff7a3b21c80 49 API calls 17260->17262 17261->17281 17263 7ff7a3b21add 17262->17263 17264 7ff7a3b30744 73 API calls 17263->17264 17265 7ff7a3b21b01 17264->17265 17266 7ff7a3b21b16 17265->17266 17267 7ff7a3b21b35 17265->17267 17269 7ff7a3b34f78 _get_daylight 11 API calls 17266->17269 17268 7ff7a3b3040c _fread_nolock 53 API calls 17267->17268 17270 7ff7a3b21b4a 17268->17270 17271 7ff7a3b21b1b 17269->17271 17272 7ff7a3b21b50 17270->17272 17273 7ff7a3b21b6f 17270->17273 17274 7ff7a3b22910 54 API calls 17271->17274 17275 7ff7a3b34f78 _get_daylight 11 API calls 17272->17275 17921 7ff7a3b30180 17273->17921 17274->17281 17277 7ff7a3b21b55 17275->17277 17279 7ff7a3b22910 54 API calls 17277->17279 17279->17281 17280 7ff7a3b22710 54 API calls 17280->17281 17281->17241 17283 7ff7a3b28a2a 17282->17283 17284 7ff7a3b29400 2 API calls 17283->17284 17285 7ff7a3b28a49 GetEnvironmentVariableW 17284->17285 17286 7ff7a3b28ab2 17285->17286 17287 7ff7a3b28a66 ExpandEnvironmentStringsW 17285->17287 
17289 7ff7a3b2c5c0 _log10_special 8 API calls 17286->17289 17287->17286 17288 7ff7a3b28a88 17287->17288 17290 7ff7a3b294b0 2 API calls 17288->17290 17291 7ff7a3b28ac4 17289->17291 17292 7ff7a3b28a9a 17290->17292 17291->17042 17293 7ff7a3b2c5c0 _log10_special 8 API calls 17292->17293 17294 7ff7a3b28aaa 17293->17294 17294->17042 17296 7ff7a3b29400 2 API calls 17295->17296 17297 7ff7a3b28b4c 17296->17297 17298 7ff7a3b29400 2 API calls 17297->17298 17299 7ff7a3b28b5c 17298->17299 18136 7ff7a3b382a8 17299->18136 17301 7ff7a3b28b6a __vcrt_freefls 17301->17077 17303 7ff7a3b290f5 17302->17303 18154 7ff7a3b28760 GetCurrentProcess OpenProcessToken 17303->18154 17306 7ff7a3b28760 7 API calls 17307 7ff7a3b29121 17306->17307 17308 7ff7a3b2913a 17307->17308 17309 7ff7a3b29154 17307->17309 17310 7ff7a3b226b0 48 API calls 17308->17310 17311 7ff7a3b226b0 48 API calls 17309->17311 17313 7ff7a3b29152 17310->17313 17312 7ff7a3b29167 LocalFree LocalFree 17311->17312 17314 7ff7a3b29183 17312->17314 17316 7ff7a3b2918f 17312->17316 17313->17312 18164 7ff7a3b22b50 17314->18164 17317 7ff7a3b2c5c0 _log10_special 8 API calls 17316->17317 17318 7ff7a3b23c55 17317->17318 17318->17090 17319 7ff7a3b28850 17318->17319 17320 7ff7a3b28868 17319->17320 17321 7ff7a3b288ea GetTempPathW GetCurrentProcessId 17320->17321 17322 7ff7a3b2888c 17320->17322 18173 7ff7a3b225c0 17321->18173 17324 7ff7a3b28a20 14 API calls 17322->17324 17325 7ff7a3b28898 17324->17325 18180 7ff7a3b281c0 17325->18180 17326 7ff7a3b28918 __vcrt_freefls 17338 7ff7a3b28955 __vcrt_freefls 17326->17338 18177 7ff7a3b38bd8 17326->18177 17331 7ff7a3b288d8 __vcrt_freefls 17351 7ff7a3b289c4 __vcrt_freefls 17331->17351 17333 7ff7a3b382a8 38 API calls 17334 7ff7a3b288be __vcrt_freefls 17333->17334 17334->17321 17337 7ff7a3b2c5c0 _log10_special 8 API calls 17339 7ff7a3b23cbb 17337->17339 17343 7ff7a3b29400 2 API calls 17338->17343 17338->17351 17339->17090 17339->17099 17344 7ff7a3b289a1 17343->17344 17345 7ff7a3b289d9 17344->17345 17346 
7ff7a3b289a6 17344->17346 17348 7ff7a3b382a8 38 API calls 17345->17348 17347 7ff7a3b29400 2 API calls 17346->17347 17349 7ff7a3b289b6 17347->17349 17348->17351 17350 7ff7a3b382a8 38 API calls 17349->17350 17350->17351 17351->17337 17353 7ff7a3b29422 MultiByteToWideChar 17352->17353 17354 7ff7a3b29446 17352->17354 17353->17354 17356 7ff7a3b2945c __vcrt_freefls 17353->17356 17355 7ff7a3b29463 MultiByteToWideChar 17354->17355 17354->17356 17355->17356 17356->17102 17369 7ff7a3b233ce memcpy_s 17357->17369 17358 7ff7a3b2c5c0 _log10_special 8 API calls 17359 7ff7a3b23664 17358->17359 17359->17105 17376 7ff7a3b290c0 LocalFree 17359->17376 17360 7ff7a3b235c7 17360->17358 17362 7ff7a3b21c80 49 API calls 17362->17369 17363 7ff7a3b235e2 17365 7ff7a3b22710 54 API calls 17363->17365 17365->17360 17368 7ff7a3b235c9 17370 7ff7a3b22710 54 API calls 17368->17370 17369->17360 17369->17362 17369->17363 17369->17368 17371 7ff7a3b22a50 54 API calls 17369->17371 17374 7ff7a3b235d0 17369->17374 18351 7ff7a3b24550 17369->18351 18357 7ff7a3b27e10 17369->18357 18368 7ff7a3b21600 17369->18368 18416 7ff7a3b27110 17369->18416 18420 7ff7a3b24180 17369->18420 18464 7ff7a3b24440 17369->18464 17370->17360 17371->17369 17375 7ff7a3b22710 54 API calls 17374->17375 17375->17360 17378 7ff7a3b21ca5 17377->17378 17379 7ff7a3b349f4 49 API calls 17378->17379 17380 7ff7a3b21cc8 17379->17380 17380->17039 17382 7ff7a3b29400 2 API calls 17381->17382 17383 7ff7a3b28ba4 17382->17383 17384 7ff7a3b382a8 38 API calls 17383->17384 17385 7ff7a3b28bb6 __vcrt_freefls 17384->17385 17385->17052 17387 7ff7a3b245bc 17386->17387 17388 7ff7a3b29400 2 API calls 17387->17388 17389 7ff7a3b245e4 17388->17389 17390 7ff7a3b29400 2 API calls 17389->17390 17391 7ff7a3b245f7 17390->17391 18631 7ff7a3b36004 17391->18631 17394 7ff7a3b2c5c0 _log10_special 8 API calls 17395 7ff7a3b2392b 17394->17395 17395->17041 17396 7ff7a3b27f80 17395->17396 17397 7ff7a3b27fa4 17396->17397 17398 7ff7a3b30744 73 API calls 17397->17398 17403 
7ff7a3b2807b __vcrt_freefls 17397->17403 17399 7ff7a3b27fc0 17398->17399 17399->17403 19022 7ff7a3b37938 17399->19022 17401 7ff7a3b30744 73 API calls 17404 7ff7a3b27fd5 17401->17404 17402 7ff7a3b3040c _fread_nolock 53 API calls 17402->17404 17403->17045 17404->17401 17404->17402 17404->17403 17406 7ff7a3b300ec 17405->17406 19037 7ff7a3b2fe98 17406->19037 17408 7ff7a3b30105 17408->17041 17410 7ff7a3b2c8c0 17409->17410 17411 7ff7a3b22734 GetCurrentProcessId 17410->17411 17412 7ff7a3b21c80 49 API calls 17411->17412 17413 7ff7a3b22787 17412->17413 17414 7ff7a3b349f4 49 API calls 17413->17414 17415 7ff7a3b227cf 17414->17415 17416 7ff7a3b22620 12 API calls 17415->17416 17417 7ff7a3b227f1 17416->17417 17418 7ff7a3b2c5c0 _log10_special 8 API calls 17417->17418 17419 7ff7a3b22801 17418->17419 17419->17105 17421 7ff7a3b21c80 49 API calls 17420->17421 17422 7ff7a3b244ed 17421->17422 17422->17083 17424 7ff7a3b21c80 49 API calls 17423->17424 17425 7ff7a3b24650 17424->17425 17425->17099 17427 7ff7a3b26dc5 17426->17427 17428 7ff7a3b23e6c 17427->17428 17429 7ff7a3b34f78 _get_daylight 11 API calls 17427->17429 17432 7ff7a3b27330 17428->17432 17430 7ff7a3b26dd2 17429->17430 17431 7ff7a3b22910 54 API calls 17430->17431 17431->17428 19048 7ff7a3b21470 17432->19048 17434 7ff7a3b27358 17435 7ff7a3b274a9 __vcrt_freefls 17434->17435 17436 7ff7a3b24620 49 API calls 17434->17436 17435->17135 17437 7ff7a3b2737a 17436->17437 17438 7ff7a3b2737f 17437->17438 17439 7ff7a3b24620 49 API calls 17437->17439 19154 7ff7a3b26350 17500->19154 17503 7ff7a3b23399 17509 7ff7a3b23670 17503->17509 17510 7ff7a3b2367e 17509->17510 17511 7ff7a3b2368f 17510->17511 19427 7ff7a3b29050 FreeLibrary 17510->19427 17511->17127 17520 7ff7a3b354dc EnterCriticalSection 17513->17520 17522 7ff7a3b236bc GetModuleFileNameW 17521->17522 17522->17213 17522->17214 17524 7ff7a3b29342 17523->17524 17525 7ff7a3b2932f FindClose 17523->17525 17526 7ff7a3b2c5c0 _log10_special 8 API calls 17524->17526 17525->17524 17527 7ff7a3b2371a 
17526->17527 17527->17218 17527->17219 17529 7ff7a3b2c8c0 17528->17529 17530 7ff7a3b22c70 GetCurrentProcessId 17529->17530 17559 7ff7a3b226b0 17530->17559 17532 7ff7a3b22cb9 17563 7ff7a3b34c48 17532->17563 17535 7ff7a3b226b0 48 API calls 17536 7ff7a3b22d34 FormatMessageW 17535->17536 17538 7ff7a3b22d6d 17536->17538 17539 7ff7a3b22d7f MessageBoxW 17536->17539 17540 7ff7a3b226b0 48 API calls 17538->17540 17541 7ff7a3b2c5c0 _log10_special 8 API calls 17539->17541 17540->17539 17542 7ff7a3b22daf 17541->17542 17542->17228 17544 7ff7a3b23730 17543->17544 17545 7ff7a3b293b0 GetFinalPathNameByHandleW CloseHandle 17543->17545 17544->17226 17544->17227 17545->17544 17547 7ff7a3b22834 17546->17547 17548 7ff7a3b226b0 48 API calls 17547->17548 17549 7ff7a3b22887 17548->17549 17550 7ff7a3b34c48 48 API calls 17549->17550 17551 7ff7a3b228d0 MessageBoxW 17550->17551 17552 7ff7a3b2c5c0 _log10_special 8 API calls 17551->17552 17553 7ff7a3b22900 17552->17553 17553->17228 17555 7ff7a3b294da WideCharToMultiByte 17554->17555 17558 7ff7a3b29505 17554->17558 17556 7ff7a3b2951b __vcrt_freefls 17555->17556 17555->17558 17556->17225 17557 7ff7a3b29522 WideCharToMultiByte 17557->17556 17558->17556 17558->17557 17560 7ff7a3b226d5 17559->17560 17561 7ff7a3b34c48 48 API calls 17560->17561 17562 7ff7a3b226f8 17561->17562 17562->17532 17565 7ff7a3b34ca2 17563->17565 17564 7ff7a3b34cc7 17567 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17564->17567 17565->17564 17566 7ff7a3b34d03 17565->17566 17581 7ff7a3b33000 17566->17581 17569 7ff7a3b34cf1 17567->17569 17571 7ff7a3b2c5c0 _log10_special 8 API calls 17569->17571 17570 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17570->17569 17573 7ff7a3b22d04 17571->17573 17573->17535 17574 7ff7a3b34e0a 17576 7ff7a3b34e14 17574->17576 17579 7ff7a3b34de4 17574->17579 17575 7ff7a3b34db0 17578 7ff7a3b34db9 17575->17578 17575->17579 17580 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17576->17580 17577 
7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17577->17569 17578->17577 17579->17570 17580->17569 17582 7ff7a3b3303e 17581->17582 17583 7ff7a3b3302e 17581->17583 17584 7ff7a3b33047 17582->17584 17589 7ff7a3b33075 17582->17589 17587 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17583->17587 17585 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17584->17585 17586 7ff7a3b3306d 17585->17586 17586->17574 17586->17575 17586->17578 17586->17579 17587->17586 17589->17583 17589->17586 17592 7ff7a3b33a14 17589->17592 17625 7ff7a3b33460 17589->17625 17662 7ff7a3b32bf0 17589->17662 17593 7ff7a3b33ac7 17592->17593 17594 7ff7a3b33a56 17592->17594 17597 7ff7a3b33acc 17593->17597 17598 7ff7a3b33b20 17593->17598 17595 7ff7a3b33a5c 17594->17595 17596 7ff7a3b33af1 17594->17596 17599 7ff7a3b33a61 17595->17599 17600 7ff7a3b33a90 17595->17600 17685 7ff7a3b31dc4 17596->17685 17601 7ff7a3b33ace 17597->17601 17602 7ff7a3b33b01 17597->17602 17604 7ff7a3b33b37 17598->17604 17606 7ff7a3b33b2a 17598->17606 17611 7ff7a3b33b2f 17598->17611 17599->17604 17607 7ff7a3b33a67 17599->17607 17600->17607 17600->17611 17605 7ff7a3b33a70 17601->17605 17614 7ff7a3b33add 17601->17614 17692 7ff7a3b319b4 17602->17692 17699 7ff7a3b3471c 17604->17699 17623 7ff7a3b33b60 17605->17623 17665 7ff7a3b341c8 17605->17665 17606->17596 17606->17611 17607->17605 17612 7ff7a3b33aa2 17607->17612 17621 7ff7a3b33a8b 17607->17621 17611->17623 17703 7ff7a3b321d4 17611->17703 17612->17623 17675 7ff7a3b34504 17612->17675 17614->17596 17616 7ff7a3b33ae2 17614->17616 17616->17623 17681 7ff7a3b345c8 17616->17681 17617 7ff7a3b2c5c0 _log10_special 8 API calls 17618 7ff7a3b33e5a 17617->17618 17618->17589 17621->17623 17624 7ff7a3b33d4c 17621->17624 17710 7ff7a3b34830 17621->17710 17623->17617 17624->17623 17716 7ff7a3b3ea78 17624->17716 17626 7ff7a3b3346e 17625->17626 17627 7ff7a3b33484 17625->17627 17628 7ff7a3b334c4 17626->17628 17629 7ff7a3b33ac7 17626->17629 17630 7ff7a3b33a56 17626->17630 
17627->17628 17631 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17627->17631 17628->17589 17634 7ff7a3b33acc 17629->17634 17635 7ff7a3b33b20 17629->17635 17632 7ff7a3b33a5c 17630->17632 17633 7ff7a3b33af1 17630->17633 17631->17628 17636 7ff7a3b33a61 17632->17636 17637 7ff7a3b33a90 17632->17637 17640 7ff7a3b31dc4 38 API calls 17633->17640 17638 7ff7a3b33ace 17634->17638 17639 7ff7a3b33b01 17634->17639 17641 7ff7a3b33b37 17635->17641 17643 7ff7a3b33b2a 17635->17643 17648 7ff7a3b33b2f 17635->17648 17636->17641 17644 7ff7a3b33a67 17636->17644 17637->17644 17637->17648 17642 7ff7a3b33a70 17638->17642 17651 7ff7a3b33add 17638->17651 17646 7ff7a3b319b4 38 API calls 17639->17646 17657 7ff7a3b33a8b 17640->17657 17645 7ff7a3b3471c 45 API calls 17641->17645 17647 7ff7a3b341c8 47 API calls 17642->17647 17660 7ff7a3b33b60 17642->17660 17643->17633 17643->17648 17644->17642 17649 7ff7a3b33aa2 17644->17649 17644->17657 17645->17657 17646->17657 17647->17657 17650 7ff7a3b321d4 38 API calls 17648->17650 17648->17660 17652 7ff7a3b34504 46 API calls 17649->17652 17649->17660 17650->17657 17651->17633 17653 7ff7a3b33ae2 17651->17653 17652->17657 17655 7ff7a3b345c8 37 API calls 17653->17655 17653->17660 17654 7ff7a3b2c5c0 _log10_special 8 API calls 17656 7ff7a3b33e5a 17654->17656 17655->17657 17656->17589 17658 7ff7a3b34830 45 API calls 17657->17658 17657->17660 17661 7ff7a3b33d4c 17657->17661 17658->17661 17659 7ff7a3b3ea78 46 API calls 17659->17661 17660->17654 17661->17659 17661->17660 17882 7ff7a3b31038 17662->17882 17666 7ff7a3b341ee 17665->17666 17728 7ff7a3b30bf0 17666->17728 17671 7ff7a3b34830 45 API calls 17672 7ff7a3b34333 17671->17672 17672->17672 17673 7ff7a3b34830 45 API calls 17672->17673 17674 7ff7a3b343c1 17672->17674 17673->17674 17674->17621 17676 7ff7a3b34539 17675->17676 17677 7ff7a3b34557 17676->17677 17678 7ff7a3b34830 45 API calls 17676->17678 17680 7ff7a3b3457e 17676->17680 17679 7ff7a3b3ea78 46 API calls 17677->17679 17678->17677 17679->17680 
17680->17621 17684 7ff7a3b345e9 17681->17684 17682 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17683 7ff7a3b3461a 17682->17683 17683->17621 17684->17682 17684->17683 17686 7ff7a3b31df7 17685->17686 17687 7ff7a3b31e26 17686->17687 17689 7ff7a3b31ee3 17686->17689 17691 7ff7a3b31e63 17687->17691 17855 7ff7a3b30c98 17687->17855 17690 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17689->17690 17690->17691 17691->17621 17693 7ff7a3b319e7 17692->17693 17694 7ff7a3b31a16 17693->17694 17696 7ff7a3b31ad3 17693->17696 17695 7ff7a3b30c98 12 API calls 17694->17695 17698 7ff7a3b31a53 17694->17698 17695->17698 17697 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17696->17697 17697->17698 17698->17621 17700 7ff7a3b3475f 17699->17700 17702 7ff7a3b34763 __crtLCMapStringW 17700->17702 17863 7ff7a3b347b8 17700->17863 17702->17621 17704 7ff7a3b32207 17703->17704 17705 7ff7a3b32236 17704->17705 17707 7ff7a3b322f3 17704->17707 17706 7ff7a3b30c98 12 API calls 17705->17706 17709 7ff7a3b32273 17705->17709 17706->17709 17708 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17707->17708 17708->17709 17709->17621 17711 7ff7a3b34847 17710->17711 17867 7ff7a3b3da28 17711->17867 17718 7ff7a3b3eaa9 17716->17718 17726 7ff7a3b3eab7 17716->17726 17717 7ff7a3b3ead7 17719 7ff7a3b3eae8 17717->17719 17720 7ff7a3b3eb0f 17717->17720 17718->17717 17721 7ff7a3b34830 45 API calls 17718->17721 17718->17726 17875 7ff7a3b40110 17719->17875 17723 7ff7a3b3eb9a 17720->17723 17724 7ff7a3b3eb39 17720->17724 17720->17726 17721->17717 17725 7ff7a3b3f910 _fread_nolock MultiByteToWideChar 17723->17725 17724->17726 17727 7ff7a3b3f910 _fread_nolock MultiByteToWideChar 17724->17727 17725->17726 17726->17624 17727->17726 17729 7ff7a3b30c27 17728->17729 17730 7ff7a3b30c16 17728->17730 17729->17730 17731 7ff7a3b3d66c _fread_nolock 12 API calls 17729->17731 17736 7ff7a3b3e5e0 17730->17736 17732 7ff7a3b30c54 17731->17732 17733 7ff7a3b30c68 17732->17733 17734 7ff7a3b3a9b8 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17732->17734 17735 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17733->17735 17734->17733 17735->17730 17737 7ff7a3b3e5fd 17736->17737 17738 7ff7a3b3e630 17736->17738 17739 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17737->17739 17738->17737 17740 7ff7a3b3e662 17738->17740 17755 7ff7a3b34311 17739->17755 17741 7ff7a3b3e6aa 17740->17741 17746 7ff7a3b3e775 17740->17746 17753 7ff7a3b3a514 __std_exception_copy 37 API calls 17741->17753 17741->17755 17742 7ff7a3b3e867 17782 7ff7a3b3dacc 17742->17782 17744 7ff7a3b3e82d 17775 7ff7a3b3de64 17744->17775 17746->17742 17746->17744 17747 7ff7a3b3e7fc 17746->17747 17748 7ff7a3b3e7bf 17746->17748 17750 7ff7a3b3e7b5 17746->17750 17768 7ff7a3b3e144 17747->17768 17758 7ff7a3b3e374 17748->17758 17750->17744 17752 7ff7a3b3e7ba 17750->17752 17752->17747 17752->17748 17754 7ff7a3b3e762 17753->17754 17754->17755 17756 7ff7a3b3a970 _isindst 17 API calls 17754->17756 17755->17671 17755->17672 17757 7ff7a3b3e8c4 17756->17757 17791 7ff7a3b4411c 17758->17791 17762 7ff7a3b3e471 17844 7ff7a3b3df60 17762->17844 17763 7ff7a3b3e41c 17763->17762 17764 7ff7a3b3e43c 17763->17764 17767 7ff7a3b3e420 17763->17767 17840 7ff7a3b3e21c 17764->17840 17767->17755 17769 7ff7a3b4411c 38 API calls 17768->17769 17770 7ff7a3b3e18e 17769->17770 17771 7ff7a3b43b64 37 API calls 17770->17771 17772 7ff7a3b3e1de 17771->17772 17773 7ff7a3b3e1e2 17772->17773 17774 7ff7a3b3e21c 45 API calls 17772->17774 17773->17755 17774->17773 17776 7ff7a3b4411c 38 API calls 17775->17776 17777 7ff7a3b3deaf 17776->17777 17778 7ff7a3b43b64 37 API calls 17777->17778 17779 7ff7a3b3df07 17778->17779 17780 7ff7a3b3df0b 17779->17780 17781 7ff7a3b3df60 45 API calls 17779->17781 17780->17755 17781->17780 17783 7ff7a3b3db11 17782->17783 17784 7ff7a3b3db44 17782->17784 17786 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17783->17786 17785 7ff7a3b3db5c 17784->17785 17788 7ff7a3b3dbdd 
17784->17788 17787 7ff7a3b3de64 46 API calls 17785->17787 17790 7ff7a3b3db3d memcpy_s 17786->17790 17787->17790 17789 7ff7a3b34830 45 API calls 17788->17789 17788->17790 17789->17790 17790->17755 17792 7ff7a3b4416f fegetenv 17791->17792 17793 7ff7a3b47e9c 37 API calls 17792->17793 17798 7ff7a3b441c2 17793->17798 17794 7ff7a3b441ef 17797 7ff7a3b3a514 __std_exception_copy 37 API calls 17794->17797 17795 7ff7a3b442b2 17796 7ff7a3b47e9c 37 API calls 17795->17796 17799 7ff7a3b442dc 17796->17799 17800 7ff7a3b4426d 17797->17800 17798->17795 17801 7ff7a3b441dd 17798->17801 17802 7ff7a3b4428c 17798->17802 17803 7ff7a3b47e9c 37 API calls 17799->17803 17804 7ff7a3b45394 17800->17804 17810 7ff7a3b44275 17800->17810 17801->17794 17801->17795 17805 7ff7a3b3a514 __std_exception_copy 37 API calls 17802->17805 17806 7ff7a3b442ed 17803->17806 17808 7ff7a3b3a970 _isindst 17 API calls 17804->17808 17805->17800 17807 7ff7a3b48090 20 API calls 17806->17807 17813 7ff7a3b44356 memcpy_s 17807->17813 17809 7ff7a3b453a9 17808->17809 17811 7ff7a3b2c5c0 _log10_special 8 API calls 17810->17811 17812 7ff7a3b3e3c1 17811->17812 17836 7ff7a3b43b64 17812->17836 17814 7ff7a3b44397 memcpy_s 17813->17814 17815 7ff7a3b446ff memcpy_s 17813->17815 17820 7ff7a3b34f78 _get_daylight 11 API calls 17813->17820 17831 7ff7a3b44cdb memcpy_s 17814->17831 17832 7ff7a3b447f3 memcpy_s 17814->17832 17816 7ff7a3b44a3f 17817 7ff7a3b43c80 37 API calls 17816->17817 17822 7ff7a3b45157 17817->17822 17818 7ff7a3b449eb 17818->17816 17819 7ff7a3b453ac memcpy_s 37 API calls 17818->17819 17819->17816 17821 7ff7a3b447d0 17820->17821 17823 7ff7a3b3a950 _invalid_parameter_noinfo 37 API calls 17821->17823 17825 7ff7a3b453ac memcpy_s 37 API calls 17822->17825 17835 7ff7a3b451b2 17822->17835 17823->17814 17824 7ff7a3b45338 17826 7ff7a3b47e9c 37 API calls 17824->17826 17825->17835 17826->17810 17827 7ff7a3b34f78 11 API calls _get_daylight 17827->17831 17828 7ff7a3b34f78 11 API calls _get_daylight 17828->17832 17829 7ff7a3b43c80 37 API 
calls 17829->17835 17830 7ff7a3b3a950 37 API calls _invalid_parameter_noinfo 17830->17831 17831->17816 17831->17818 17831->17827 17831->17830 17832->17818 17832->17828 17833 7ff7a3b3a950 37 API calls _invalid_parameter_noinfo 17832->17833 17833->17832 17834 7ff7a3b453ac memcpy_s 37 API calls 17834->17835 17835->17824 17835->17829 17835->17834 17838 7ff7a3b43b83 17836->17838 17837 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17839 7ff7a3b43bae memcpy_s 17837->17839 17838->17837 17838->17839 17839->17763 17841 7ff7a3b3e248 memcpy_s 17840->17841 17842 7ff7a3b34830 45 API calls 17841->17842 17843 7ff7a3b3e302 memcpy_s 17841->17843 17842->17843 17843->17767 17845 7ff7a3b3df9b 17844->17845 17849 7ff7a3b3dfe8 memcpy_s 17844->17849 17846 7ff7a3b3a884 _invalid_parameter_noinfo 37 API calls 17845->17846 17847 7ff7a3b3dfc7 17846->17847 17847->17767 17848 7ff7a3b3e053 17850 7ff7a3b3a514 __std_exception_copy 37 API calls 17848->17850 17849->17848 17851 7ff7a3b34830 45 API calls 17849->17851 17854 7ff7a3b3e095 memcpy_s 17850->17854 17851->17848 17852 7ff7a3b3a970 _isindst 17 API calls 17853 7ff7a3b3e140 17852->17853 17854->17852 17856 7ff7a3b30ccf 17855->17856 17862 7ff7a3b30cbe 17855->17862 17857 7ff7a3b3d66c _fread_nolock 12 API calls 17856->17857 17856->17862 17858 7ff7a3b30d00 17857->17858 17859 7ff7a3b30d14 17858->17859 17861 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17858->17861 17860 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17859->17860 17860->17862 17861->17859 17862->17691 17864 7ff7a3b347de 17863->17864 17865 7ff7a3b347d6 17863->17865 17864->17702 17866 7ff7a3b34830 45 API calls 17865->17866 17866->17864 17868 7ff7a3b3da41 17867->17868 17870 7ff7a3b3486f 17867->17870 17869 7ff7a3b43374 45 API calls 17868->17869 17868->17870 17869->17870 17871 7ff7a3b3da94 17870->17871 17872 7ff7a3b3daad 17871->17872 17873 7ff7a3b3487f 17871->17873 17872->17873 17874 7ff7a3b426c0 45 API calls 17872->17874 
_log10_special 8 API calls 16649 7ff7a3b47275 16647->16649 16650 7ff7a3b48d0d 16648->16650 16652 7ff7a3b48cf8 GetCPInfo 16648->16652 16655 7ff7a3b48d11 16648->16655 16649->16128 16649->16134 16651 7ff7a3b3f910 _fread_nolock MultiByteToWideChar 16650->16651 16650->16655 16653 7ff7a3b48da5 16651->16653 16652->16650 16652->16655 16654 7ff7a3b3d66c _fread_nolock 12 API calls 16653->16654 16653->16655 16656 7ff7a3b48ddc 16653->16656 16654->16656 16655->16647 16656->16655 16657 7ff7a3b3f910 _fread_nolock MultiByteToWideChar 16656->16657 16658 7ff7a3b48e4a 16657->16658 16659 7ff7a3b3f910 _fread_nolock MultiByteToWideChar 16658->16659 16668 7ff7a3b48f2c 16658->16668 16661 7ff7a3b48e70 16659->16661 16660 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16660->16655 16662 7ff7a3b3d66c _fread_nolock 12 API calls 16661->16662 16663 7ff7a3b48e9d 16661->16663 16661->16668 16662->16663 16664 7ff7a3b3f910 _fread_nolock MultiByteToWideChar 16663->16664 16663->16668 16665 7ff7a3b48f14 16664->16665 16666 7ff7a3b48f1a 16665->16666 16667 7ff7a3b48f34 16665->16667 16666->16668 16670 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16666->16670 16675 7ff7a3b3efd8 16667->16675 16668->16655 16668->16660 16670->16668 16672 7ff7a3b48f73 16672->16655 16674 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16672->16674 16673 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16673->16672 16674->16655 16676 7ff7a3b3ed80 __crtLCMapStringW 5 API calls 16675->16676 16677 7ff7a3b3f016 16676->16677 16678 7ff7a3b3f01e 16677->16678 16679 7ff7a3b3f240 __crtLCMapStringW 5 API calls 16677->16679 16678->16672 16678->16673 16680 7ff7a3b3f087 CompareStringW 16679->16680 16680->16678 16682 7ff7a3b47cca HeapSize 16681->16682 16683 7ff7a3b47cb1 16681->16683 16684 7ff7a3b34f78 _get_daylight 11 API calls 16683->16684 16685 7ff7a3b47cb6 16684->16685 16686 7ff7a3b3a950 _invalid_parameter_noinfo 37 API calls 
16685->16686 16687 7ff7a3b47cc1 16686->16687 16687->16139 16689 7ff7a3b47cf9 16688->16689 16690 7ff7a3b47d03 16688->16690 16692 7ff7a3b3d66c _fread_nolock 12 API calls 16689->16692 16691 7ff7a3b47d08 16690->16691 16699 7ff7a3b47d0f _get_daylight 16690->16699 16693 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16691->16693 16697 7ff7a3b47d01 16692->16697 16693->16697 16694 7ff7a3b47d42 HeapReAlloc 16694->16697 16694->16699 16695 7ff7a3b47d15 16696 7ff7a3b34f78 _get_daylight 11 API calls 16695->16696 16696->16697 16697->16143 16698 7ff7a3b43600 _get_daylight 2 API calls 16698->16699 16699->16694 16699->16695 16699->16698 16701 7ff7a3b3ed80 __crtLCMapStringW 5 API calls 16700->16701 16702 7ff7a3b3efb4 16701->16702 16702->16147 16704 7ff7a3b3556a 16703->16704 16705 7ff7a3b35546 16703->16705 16706 7ff7a3b3556f 16704->16706 16707 7ff7a3b355c4 16704->16707 16709 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16705->16709 16712 7ff7a3b35555 16705->16712 16710 7ff7a3b35584 16706->16710 16706->16712 16713 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16706->16713 16708 7ff7a3b3f910 _fread_nolock MultiByteToWideChar 16707->16708 16720 7ff7a3b355e0 16708->16720 16709->16712 16714 7ff7a3b3d66c _fread_nolock 12 API calls 16710->16714 16711 7ff7a3b355e7 GetLastError 16725 7ff7a3b34eec 16711->16725 16712->16151 16712->16152 16713->16710 16714->16712 16716 7ff7a3b35622 16716->16712 16717 7ff7a3b3f910 _fread_nolock MultiByteToWideChar 16716->16717 16721 7ff7a3b35666 16717->16721 16719 7ff7a3b35615 16724 7ff7a3b3d66c _fread_nolock 12 API calls 16719->16724 16720->16711 16720->16716 16720->16719 16723 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16720->16723 16721->16711 16721->16712 16722 7ff7a3b34f78 _get_daylight 11 API calls 16722->16712 16723->16719 16724->16716 16726 7ff7a3b3b338 _get_daylight 11 API calls 16725->16726 16727 7ff7a3b34ef9 
Concurrency::details::SchedulerProxy::DeleteThis 16726->16727 16728 7ff7a3b3b338 _get_daylight 11 API calls 16727->16728 16729 7ff7a3b34f1b 16728->16729 16729->16722 20133 7ff7a3b3b040 20134 7ff7a3b3b045 20133->20134 20138 7ff7a3b3b05a 20133->20138 20139 7ff7a3b3b060 20134->20139 20140 7ff7a3b3b0a2 20139->20140 20144 7ff7a3b3b0aa 20139->20144 20142 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20140->20142 20141 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20143 7ff7a3b3b0b7 20141->20143 20142->20144 20145 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20143->20145 20144->20141 20146 7ff7a3b3b0c4 20145->20146 20147 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20146->20147 20148 7ff7a3b3b0d1 20147->20148 20149 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20148->20149 20150 7ff7a3b3b0de 20149->20150 20151 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20150->20151 20152 7ff7a3b3b0eb 20151->20152 20153 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20152->20153 20154 7ff7a3b3b0f8 20153->20154 20155 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20154->20155 20156 7ff7a3b3b105 20155->20156 20157 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20156->20157 20158 7ff7a3b3b115 20157->20158 20159 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20158->20159 20160 7ff7a3b3b125 20159->20160 20165 7ff7a3b3af04 20160->20165 20179 7ff7a3b40348 EnterCriticalSection 20165->20179 20309 7ff7a3b39dc0 20312 7ff7a3b39d3c 20309->20312 20319 7ff7a3b40348 EnterCriticalSection 20312->20319 20323 7ff7a3b2cbc0 20324 7ff7a3b2cbd0 20323->20324 20340 7ff7a3b39c18 20324->20340 20326 7ff7a3b2cbdc 20346 7ff7a3b2ceb8 20326->20346 20328 7ff7a3b2d19c 7 API calls 20331 7ff7a3b2cc75 20328->20331 20329 7ff7a3b2cbf4 
_RTC_Initialize 20338 7ff7a3b2cc49 20329->20338 20351 7ff7a3b2d068 20329->20351 20332 7ff7a3b2cc09 20354 7ff7a3b39084 20332->20354 20338->20328 20339 7ff7a3b2cc65 20338->20339 20341 7ff7a3b39c29 20340->20341 20342 7ff7a3b34f78 _get_daylight 11 API calls 20341->20342 20345 7ff7a3b39c31 20341->20345 20343 7ff7a3b39c40 20342->20343 20344 7ff7a3b3a950 _invalid_parameter_noinfo 37 API calls 20343->20344 20344->20345 20345->20326 20347 7ff7a3b2cec9 20346->20347 20350 7ff7a3b2cece __scrt_release_startup_lock 20346->20350 20348 7ff7a3b2d19c 7 API calls 20347->20348 20347->20350 20349 7ff7a3b2cf42 20348->20349 20350->20329 20379 7ff7a3b2d02c 20351->20379 20353 7ff7a3b2d071 20353->20332 20355 7ff7a3b390a4 20354->20355 20356 7ff7a3b2cc15 20354->20356 20357 7ff7a3b390ac 20355->20357 20358 7ff7a3b390c2 GetModuleFileNameW 20355->20358 20356->20338 20378 7ff7a3b2d13c InitializeSListHead 20356->20378 20359 7ff7a3b34f78 _get_daylight 11 API calls 20357->20359 20362 7ff7a3b390ed 20358->20362 20360 7ff7a3b390b1 20359->20360 20361 7ff7a3b3a950 _invalid_parameter_noinfo 37 API calls 20360->20361 20361->20356 20363 7ff7a3b39024 11 API calls 20362->20363 20364 7ff7a3b3912d 20363->20364 20365 7ff7a3b39135 20364->20365 20370 7ff7a3b3914d 20364->20370 20366 7ff7a3b34f78 _get_daylight 11 API calls 20365->20366 20367 7ff7a3b3913a 20366->20367 20368 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20367->20368 20368->20356 20369 7ff7a3b3916f 20371 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20369->20371 20370->20369 20372 7ff7a3b3919b 20370->20372 20373 7ff7a3b391b4 20370->20373 20371->20356 20374 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20372->20374 20375 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20373->20375 20376 7ff7a3b391a4 20374->20376 20375->20369 20377 7ff7a3b3a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20376->20377 20377->20356 20380 
7ff7a3b2d046 20379->20380 20382 7ff7a3b2d03f 20379->20382 20383 7ff7a3b3a25c 20380->20383 20382->20353 20386 7ff7a3b39e98 20383->20386 20393 7ff7a3b40348 EnterCriticalSection 20386->20393 20181 7ff7a3b4ac53 20182 7ff7a3b4ac63 20181->20182 20185 7ff7a3b354e8 LeaveCriticalSection 20182->20185 19433 7ff7a3b399d1 19434 7ff7a3b3a448 45 API calls 19433->19434 19435 7ff7a3b399d6 19434->19435 19436 7ff7a3b39a47 19435->19436 19437 7ff7a3b399fd GetModuleHandleW 19435->19437 19445 7ff7a3b398d4 19436->19445 19437->19436 19443 7ff7a3b39a0a 19437->19443 19443->19436 19459 7ff7a3b39af8 GetModuleHandleExW 19443->19459 19465 7ff7a3b40348 EnterCriticalSection 19445->19465 19460 7ff7a3b39b2c GetProcAddress 19459->19460 19461 7ff7a3b39b55 19459->19461 19462 7ff7a3b39b3e 19460->19462 19463 7ff7a3b39b5a FreeLibrary 19461->19463 19464 7ff7a3b39b61 19461->19464 19462->19461 19463->19464 19464->19436 19476 7ff7a3b2bb50 19477 7ff7a3b2bb7e 19476->19477 19478 7ff7a3b2bb65 19476->19478 19478->19477 19480 7ff7a3b3d66c 12 API calls 19478->19480 19479 7ff7a3b2bbde 19480->19479

Control-flow Graph (legend: Executed / Not Executed)
Memory Dump Source
• Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction ID: e4fc686783f1129091db99638aa1a1cebffbb8aea9e547f8718db64a03b5cc8e
• Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction Fuzzy Hash: D9D1A432A0AA8286F790EF74E8546A9B762FF84758F810235DADD63AB4DF3DD104C714

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                          • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                          • API String ID: 2776309574-4232158417

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45CB5
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B45608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B4561C
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9CE
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: GetLastError.KERNEL32(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9D8
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7A3B3A94F,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3A979
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7A3B3A94F,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3A99E
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45CA4
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B45668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B4567C
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F1A
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F2B
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F3C
                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7A3B4617C), ref: 00007FF7A3B45F63
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                          • API String ID: 4070488512-239921721

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1617910340-0

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B2841B
                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B2849E
                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B284BD
                                                                                                                                                                                                          • FindNextFileW.KERNELBASE(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B284CB
                                                                                                                                                                                                          • FindClose.KERNEL32(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B284DC
                                                                                                                                                                                                          • RemoveDirectoryW.KERNELBASE(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B284E5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                          • String ID: %s\*
                                                                                                                                                                                                          • API String ID: 1057558799-766152087

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F1A
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B45668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B4567C
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F2B
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B45608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B4561C
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F3C
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B45638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B4564C
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9CE
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: GetLastError.KERNEL32(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9D8
                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7A3B4617C), ref: 00007FF7A3B45F63
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                          • API String ID: 3458911817-239921721
                                                                                                                                                                                                          • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                          • Instruction ID: caf97e812170ea314b952396c26f9b2eca3818a770983570dbb9532eb73a0f9a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D517532A0A64286F790FF21D4815A9E762BB48744FC64136EACD637B6DF3EE4408764
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                          • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                          • Instruction ID: bcddbf3ea577ed54b8022e2992a5134d83d4a1726061a69f7582b6174296c77d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DF0CD22629781C7F7E09F90B449B66B351AB48324F450335DAED116E4DF3DD1588710
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1010374628-0
                                                                                                                                                                                                          • Opcode ID: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                          • Instruction ID: 7ec3cee42b5f955a7a508d434ed4ddeb7af7e64d5d76afadd68bbf60dbb84e93
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0002CF21A1F65240FAD9BF11A401279E692AF45B90FD74634DDDD6ABF2DF3EE4008328

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B27F80: _fread_nolock.LIBCMT ref: 00007FF7A3B2802A
                                                                                                                                                                                                          • _fread_nolock.LIBCMT ref: 00007FF7A3B21A1B
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7A3B21B6A), ref: 00007FF7A3B2295E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                          • API String ID: 2397952137-3497178890
                                                                                                                                                                                                          • Opcode ID: 2a1d170e840dceaee6f2da0756e3de0371e7b12602e63a76cd509f1e6af33911
                                                                                                                                                                                                          • Instruction ID: 4c985985b847523fd6c12ff3a3e9cf7e235490be1990d3d1de967c07aaedcfe8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a1d170e840dceaee6f2da0756e3de0371e7b12602e63a76cd509f1e6af33911
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1081C471A0E6C286E7A0FF54D0416F9A3A2EF44780F864131EACD67BB5DE3EE1458720

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                          • API String ID: 2050909247-1550345328
                                                                                                                                                                                                          • Opcode ID: 79a07ce5d44a4a527e320f9bba7b0693ac174a5d9842ddaaf57a302337259006
                                                                                                                                                                                                          • Instruction ID: 35bdbcd101cbb3b57b34ac0eb12a3baff017326a6052ad3d75ce3a8f80a5998d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79a07ce5d44a4a527e320f9bba7b0693ac174a5d9842ddaaf57a302337259006
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F51B461B0A68382EA94FF9194005B9E352BF44794FC64231EECC27BB5DF3EE5458720

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetTempPathW.KERNEL32(?,?,00000000,00007FF7A3B23CBB), ref: 00007FF7A3B288F4
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7A3B23CBB), ref: 00007FF7A3B288FA
                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00007FF7A3B23CBB), ref: 00007FF7A3B2893C
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28A20: GetEnvironmentVariableW.KERNEL32(00007FF7A3B2388E), ref: 00007FF7A3B28A57
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7A3B28A79
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B382A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B382C1
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22810: MessageBoxW.USER32 ref: 00007FF7A3B228EA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                          • API String ID: 3563477958-1339014028
                                                                                                                                                                                                          • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                          • Instruction ID: 54006214e56b68227c22573bd94779dd78c5d81a9803b0b06714dcbc65b7ce05
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC41F811B0B69245F994FFA2A8515F99353AF84780FC60231DD8DA7BF6DD3ED5048320

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                          • API String ID: 2050909247-2813020118
                                                                                                                                                                                                          • Opcode ID: 15fc9c742c9fb12a8c4ab664e8e5c311509e27342d3a39e207e1bde7a43e7c65
                                                                                                                                                                                                          • Instruction ID: abee2a252b6583f0299ea6bfa252d85ab537f802ea849ed4ad626dc088f10ecc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15fc9c742c9fb12a8c4ab664e8e5c311509e27342d3a39e207e1bde7a43e7c65
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB51E622A0A68281E6A4FF51A4007BAE292BF85794FC54231EDCD67BF5DE3DE505C710

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF7A3B3F11A,?,?,-00000018,00007FF7A3B3ADC3,?,?,?,00007FF7A3B3ACBA,?,?,?,00007FF7A3B35FAE), ref: 00007FF7A3B3EEFC
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF7A3B3F11A,?,?,-00000018,00007FF7A3B3ADC3,?,?,?,00007FF7A3B3ACBA,?,?,?,00007FF7A3B35FAE), ref: 00007FF7A3B3EF08
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                          • API String ID: 3013587201-537541572
                                                                                                                                                                                                          • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                          • Instruction ID: ecaa3ed4eab745445aaf5182c0a324d129e5cb9c75ccc18047256c0c10523a05
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA414C22B1B62581FAD9EF169804575A393BF44B90FCA4136DD9D67FA4DE3EE4048320

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF7A3B23804), ref: 00007FF7A3B236E1
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B23804), ref: 00007FF7A3B236EB
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7A3B23706,?,00007FF7A3B23804), ref: 00007FF7A3B22C9E
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7A3B23706,?,00007FF7A3B23804), ref: 00007FF7A3B22D63
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22C50: MessageBoxW.USER32 ref: 00007FF7A3B22D99
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                          • API String ID: 3187769757-2863816727
                                                                                                                                                                                                          • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                          • Instruction ID: abf5afe994366ca9a260bd1075303f90bb5c3ed1f160f21507332d6845244ae8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC21B651B0E58251FAE0BF60E801BB5A252BF84744FC10332E5DDA65F5EE3EE204C724

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          • Opcode ID: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                          • Instruction ID: 0d4033c6dd48f79de188da7ee29b012e0cc29fe15cba9e53705d7d0bcf761cf7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8CC1D82290E6A6D2E7A8EF1594012BDA752EB41B80FD74131EACD13FB5CF7EE4458320

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 995526605-0
                                                                                                                                                                                                          • Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                          • Instruction ID: 527189d301cca72a61bdb79b633a837abd7c73eaca583aff99f53ea01ef84adf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D219821A0D68282EB90AF95B450539E3A2FB817A0F950335DAED97BF8DE7DD4448710

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: GetCurrentProcess.KERNEL32 ref: 00007FF7A3B28780
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: OpenProcessToken.ADVAPI32 ref: 00007FF7A3B28793
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: GetTokenInformation.KERNELBASE ref: 00007FF7A3B287B8
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: GetLastError.KERNEL32 ref: 00007FF7A3B287C2
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: GetTokenInformation.KERNELBASE ref: 00007FF7A3B28802
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7A3B2881E
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: CloseHandle.KERNEL32 ref: 00007FF7A3B28836
                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF7A3B23C55), ref: 00007FF7A3B2916C
                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF7A3B23C55), ref: 00007FF7A3B29175
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                          • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                          • API String ID: 6828938-1529539262
                                                                                                                                                                                                          • Opcode ID: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
                                                                                                                                                                                                          • Instruction ID: 76fa0d4d3236f4a3ac72b8783aaede26b382819edb2146c9e147ba1ff64f31a7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B218121B0A78285F780BF50E4157EAB252FF88780FC60135EA8D637A6DF3ED4008360
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(00000000,?,00007FF7A3B2352C,?,00000000,00007FF7A3B23F23), ref: 00007FF7A3B27F22
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateDirectory
                                                                                                                                                                                                          • String ID: %.*s$%s%c$\
                                                                                                                                                                                                          • API String ID: 4241100979-1685191245
                                                                                                                                                                                                          • Opcode ID: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                          • Instruction ID: 2492e31f17411689d10e414d40ead7e851728adc7afc385c6a3e85a54e69eee2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA311A6171AAC145FAA1AF10A451BEAA355EF84BE0F810330EEED577EADE2DD2018710
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A3B3CFBB), ref: 00007FF7A3B3D0EC
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A3B3CFBB), ref: 00007FF7A3B3D177
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 953036326-0
                                                                                                                                                                                                          • Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                          • Instruction ID: dd5283ee3991216c8abba2e56d138b5151f7218a88af6b87100fcd2c8eb3618d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E910832F1976185F794AF6598402BCABA2AB40B84F954139DE8E77EA4CF3ED441C720
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4170891091-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2780335769-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A3B358A9), ref: 00007FF7A3B359C7
                                                                                                                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A3B358A9), ref: 00007FF7A3B359DD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1707611234-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9CE
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9D8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CloseHandle.KERNELBASE(?,?,?,00007FF7A3B3AA45,?,?,00000000,00007FF7A3B3AAFA), ref: 00007FF7A3B3AC36
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7A3B3AA45,?,?,00000000,00007FF7A3B3AAFA), ref: 00007FF7A3B3AC40
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3947729631-0
                                                                                                                                                                                                          • Opcode ID: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                          • Instruction ID: e6a7b8e11369610db55a955a84c8f18c20d8163bdcbe631d056c2c388e94407d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72219F32A067918EEBA8AF68C4403EC73A2EB44718F850635D69D26FE5DF3DD444C760
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                          • Instruction ID: 0b5c6c55093ab0d0f26685c1f22ed4525e319fc2daf1e60b35ec3bd51ac9d819
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18118422A1E66141EAA8FF1194051BDE266AF45B84FD64032EBCC77EB6DF3ED4408720
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          • Opcode ID: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                          • Instruction ID: 762c549be86612a9fb3ac974735a73b68ab84d8ee9379a6f55aa030b5878e926
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5321FC7261968147EBE49F18E440379F762FB84B54F950234D6DD976E5DF3ED8008B10
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                          • Instruction ID: 39d7b263bfa548f9cb031719f5733e82c1df9653b112ae5cea5ec08b046ef67d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB01A561A0976140E988EF565901169E6A6AF85FE0F8A4631EEDD27FE6CE3EE1014310
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          • Opcode ID: 6832eb5f98ca96f5e7cd25db8366a3c1a8b2d6b45623d2691d830cdd3d76c9ad
                                                                                                                                                                                                          • Instruction ID: 9c1d2592db507154769d4c7a0d02045a4a9cb4aa28264b8497d001480188fc0f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6832eb5f98ca96f5e7cd25db8366a3c1a8b2d6b45623d2691d830cdd3d76c9ad
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F01A120E0F6A340FAD87F256542179D192BF44790FD64235E9EC62EF6DF3EA4408232
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          • Opcode ID: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                          • Instruction ID: 26aa9f545e5f94ba33cb2268b6c6ed39164df3350437cab49e11cd1f382cad23
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1E08658E0E61342F69C3EA448831BD95135F45380FC74430DD9876EF3DE2E684C4232
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,00000000,00007FF7A3B3B39A,?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA), ref: 00007FF7A3B3EC5D
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                          • Opcode ID: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                          • Instruction ID: c9fb10483adac5a99b9c94501391875d2b0546ba7138d83d0fd37da17080b6f0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4EF04F45B0B22655FEDC7E6254513B9D6925F44B80FCE4431C98E67FF1DE2EE4804230
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF7A3B30D00,?,?,?,00007FF7A3B3236A,?,?,?,?,?,00007FF7A3B33B59), ref: 00007FF7A3B3D6AA
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                          • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                          • Instruction ID: 2ebd327048ff050b603dc9e8c724df69e4f3ea1965146595dbf736838f6aae49
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FF03A00B4B36645FAD87EA2580167892A24F547A0F8A0334D9BE65FF2DE2EE4408530
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25830
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25842
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25879
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B2588B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B258A4
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B258B6
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B258CF
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B258E1
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B258FD
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B2590F
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B2592B
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B2593D
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25959
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B2596B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25987
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25999
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B259B5
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B259C7
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressErrorLastProc
                                                                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                          • API String ID: 199729137-653951865
                                                                                                                                                                                                          • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                          • Instruction ID: 6673b4ff94afab7c149fcb68319ab9c0c0169d50e5bf7f93c46953a48c2e96d6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5122AA20A0FB4BE2FAD5FF55A814574E366AF04B41BC61136C9DE22370EF7EB5488225
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                          • API String ID: 808467561-2761157908
                                                                                                                                                                                                          • Opcode ID: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                          • Instruction ID: 31bcf14d118d2d17b2ac506eeae57782f88b28c8c40015f4b0bf42212b213d3a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6B22672E192828BF7A4DE64D4417FCB7A2FB44388F811135DA4E67A94DF3AE900CB54
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                          • API String ID: 0-2665694366
                                                                                                                                                                                                          • Opcode ID: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                          • Instruction ID: eaf9a3d5c27cbac04f66165e652513b6f4757bcfbbfb7a98c8b05d81ea3342f2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7521572A156E68BD7949F15C458F7EBBAAFB44340F424239E68A93790DF3ED840CB10
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                                                                          • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                          • Instruction ID: 31bd836aa4dca6d69a12040644bb50667ee2a91fd22fa37bef97dcd48a7377e3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91316272A09B8186EBA0DF60E8407EE7365FB84704F454139DB8D57BA5DF39C548C724
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                                          • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                          • Instruction ID: eb680d5f40c7f7304a559682e9a79a188b4625c66251e004918a7363b85b5e9b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D31B332609B8186EBA0DF24E8407AEB3A5FB88754F950135EACD53BA5DF3DC145CB10
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2227656907-0
                                                                                                                                                                                                          • Opcode ID: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                          • Instruction ID: fe6692428a1571d5511293155c3455b67f4a27c45399d9a8607adb8416462d1b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9EB1B522F5A69241FAA1EF2194001B9E352EB44BD4F964131DEDE27BF5EE3DE441C314
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                          • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                          • Instruction ID: ce0a79b17b906597ea7843ed9e6c2702f6d943e911a0bcc315884647b985ed4c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5118822B15B05CAFB80EF70E8452A973A0FB08718F840E31DAAD927A4DF38D0548390
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: memcpy_s
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1502251526-0
                                                                                                                                                                                                          • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                          • Instruction ID: 47154445209266e21971079a30afdb0941dc0496ab8cadec19fe5d899e34e5a4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2C14B7271A28587E764DF15A0446AAF7A2F794784F868134DB8E53B94DB3EE810CB04
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                          • API String ID: 0-1127688429
                                                                                                                                                                                                          • Opcode ID: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                          • Instruction ID: dc958f2c7bce2860ccd72032fa9036074b616ad09de9a4d24754bb959ea70745
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56F19472A1A3C58BE7D5AF558088F3ABBAAEF44740F474634EA89673A0CF39D540C750
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 15204871-0
                                                                                                                                                                                                          • Opcode ID: 2f74b2cda317b12825bead48c90720a79ba1abfeed249303701d480a1679e454
                                                                                                                                                                                                          • Instruction ID: 61f15b781e831d0263723d2fa398a2473c4d71198071fbcd3464410feb77973a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f74b2cda317b12825bead48c90720a79ba1abfeed249303701d480a1679e454
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9B17B73A05B898FEB55CF29C8463687BA1F784B88F16C821DA9D837B4CB3AD451C714
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                          • API String ID: 0-227171996
                                                                                                                                                                                                          • Opcode ID: 3098a868bf4d382f942c0283459ab4806c0f53f7eb332f8174ba39f6fc7772a0
                                                                                                                                                                                                          • Instruction ID: c63e298121d63e1d1ac623c11de1cef389031c560b13755ff3f113cad3fdb581
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3098a868bf4d382f942c0283459ab4806c0f53f7eb332f8174ba39f6fc7772a0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FBE1B732A0A66641E7ACAE15805013EB362FF45B44F966135EA8E27EF4DF3FE841C710
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                          • API String ID: 0-900081337
                                                                                                                                                                                                          • Opcode ID: 5aba513b73eb8988df982bd12c0510577381bb82701c7147ce4cedc0b53fa8f7
                                                                                                                                                                                                          • Instruction ID: afd268b5280e8e5787930839070af02af8978484ba5d02a1343e350826bbdcf2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5aba513b73eb8988df982bd12c0510577381bb82701c7147ce4cedc0b53fa8f7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A091D672A192C68BE7E49F55C448F3E7B9AFB44340F524239DA9A567A0CF39E540CB10
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: e+000$gfff
                                                                                                                                                                                                          • API String ID: 0-3030954782
                                                                                                                                                                                                          • Opcode ID: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                          • Instruction ID: de21752da740bc6f50050995bc05cc12a141f977207fa94cc374f31ca98e84f8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74519A23B196D186E7A89E359801769F792E744B94F8A8232CBD847EE1CF3FE4008710
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: gfffffff
                                                                                                                                                                                                          • API String ID: 0-1523873471
                                                                                                                                                                                                          • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                          • Instruction ID: 4ffea7c49505cad158a04e0c7290e1d362710d7655df435645ba7a475a5cbb95
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                          • Instruction Fuzzy Hash: ECA17B63A0A7D586EBA9DF25A0007B9BB92EB50784F828035DECD57FA1DE3ED501C310
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: TMP
                                                                                                                                                                                                          • API String ID: 3215553584-3125297090
                                                                                                                                                                                                          • Opcode ID: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                          • Instruction ID: 3c36e7e5524e8e2a9cc002ac473e42e21201eca653e4a2f7ca1e78b72a42a5c6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9651BA05F0A26241FADCBE26550117AD2936F44BC4FDA5134DE8DA7FF1EE3EE4094225
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                                          • Opcode ID: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                          • Instruction ID: f0a1d8162c47af5ad20bb63921c3daa2a9b3cac7d537b07c1c8980536a016f6a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FFB09220E07A42C3FE887F216C8221862A67F48700FDA0138C28D60330DE3D20E55B21
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                          • Instruction ID: f33cae96aec072c897f7039e8f2de4cf83151a7729312f96ec7c2f004c8758d5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25D1FD6690A66285E7EC9E25804067EA352EF05B48F962235DD8D27FF4CF3FE445C710
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                          • Instruction ID: c527ed40efae7a709d0ca0a67bebcbcdd0c762aaebc67db16e596211e55a4486
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98C19C762181E08BD28AEB29E4794BA73E1F78930DBD5416BEF87477C5C63CA414DB20
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                          • Instruction ID: e3c185e1c4661e6d9aa7bda26158d018141f287b7ad380b66c151695a5f48580
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CBB1B13290A76585E7A89F29E05013CBBA1E709F48FA60135CB9D5BFA5CF3EE441C760
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 73948b09e9837a821f5a3b4bbb106c60bdc2a86aaa707f45330964650836ebfe
                                                                                                                                                                                                          • Instruction ID: 0ef8aed52283772db3ef67ce35fd13758787ea5c9a7a75715db5750f0c0ae901
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73948b09e9837a821f5a3b4bbb106c60bdc2a86aaa707f45330964650836ebfe
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79810573A0979186E7B8DF19944037ABA92FB45794F914236DACD63FA5CF3EE4008B10
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                          • Instruction ID: 78a7e588e1e8ef877b6df2d8839841ee6ae35e3660721d40a17c92c2edcead69
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5751DC32A1966185E7A8AF19C04023877A6EB45B58FA54131CE8C2BFB4CF3FE853C750
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                          • Instruction ID: 7d04d6a2b9ec65eba8853f3895f071994cda8588af27c43630d7aef0d28d36fc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D51B836A1566185E7A8AF18C04023CA3A6EB48B58F654131CE8D27FB4CF3FE853C754
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                          • Instruction ID: 92b193c73db3335132933b8fa7a3d8ca0b3a28b190e20e539a4f444e8edad294
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF519636A15A6185E7689F28E44026867A2EB44B58F654131CE9C2BFB4CB3FEC46C750
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                          • Instruction ID: b4850f1eb43d5063d8d81de4216eaf4882baff991c5a66bf9f5bf5971bf0bdfa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6341C97280B6BE44E9EDDD28050C6B8D6829F22BA0DD91272DCD973FE2DD0F69468121
Memory Dump Source
• Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e6acc2ec838af36dd9636ef9e1d94249ffac8b7a33868b0b47a68aa66541c0b8
                                                                                                                                                                                                          • Instruction ID: d70541a02c0e414e98af59a4a3ed20f1135072f4a52b921a1f1cfdb60c389857
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6acc2ec838af36dd9636ef9e1d94249ffac8b7a33868b0b47a68aa66541c0b8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05A00221D0EE4AD1F6C4EF54E890975A732FB50300BD20139E1DD610B09F3EA500D364
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressErrorLastProc
                                                                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                          • API String ID: 199729137-3427451314
                                                                                                                                                                                                          • Opcode ID: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                          • Instruction ID: 1ac53beb8b6daae600db178ba1145770c0046f7731d26f2129b81cdd598ba0d5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1402C360A0FB47D2FAD5FFA5B810974A267AF04755BC20135C5DE22372EF7EA1498238
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B29400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7A3B245E4,00000000,00007FF7A3B21985), ref: 00007FF7A3B29439
                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7A3B288A7,?,?,00000000,00007FF7A3B23CBB), ref: 00007FF7A3B2821C
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22810: MessageBoxW.USER32 ref: 00007FF7A3B228EA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                          • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                          • API String ID: 1662231829-930877121
                                                                                                                                                                                                          • Opcode ID: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                          • Instruction ID: aae6f7088640b49bfebefe2be76b6dcf83b1d188a99ac63895178cfebd8fe714
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B51C911B1B6C281F7D0FF60E841AB9E253AF94780FC64531E5CEE66B5EE2EE1048760
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                                                                          • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                          • Instruction ID: 1ec7627d4a297d747e848d78c5bb03259351a33882b051fb626e2e4ead7c5561
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD5107266047A187D6749F26F4181BAF7A2F798B61F004125EBDE43794DF3DD045CB20
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                          • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                          • API String ID: 3975851968-2863640275
                                                                                                                                                                                                          • Opcode ID: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                          • Instruction ID: f104a9650453b30570b59ed0137c8b4a499c81c7d6f425d761a28bcb8ecbddb2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A421FD21B0A682C2F785AF76B844579A252EF88B91F8A0230DBDD933F4DE2DD5408220
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: -$:$f$p$p
                                                                                                                                                                                                          • API String ID: 3215553584-2013873522
                                                                                                                                                                                                          • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                          • Instruction ID: 19c5a763df3c0a272ae3a9c3607282bf421adc2f9d3900d8f26d7635db8e4304
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F12A061E0A16786FBE87E1591843B9F6A2FB40750FC64135D6C927EE4DF3EE5808B20
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: f$f$p$p$f
                                                                                                                                                                                                          • API String ID: 3215553584-1325933183
                                                                                                                                                                                                          • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                          • Instruction ID: 4c614a2131924ee7bccd6680da652f676fdf65ccc8336da5469a055dff04455a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A712D321E0E16385FBA8BE55E4142B9F26BFB80754FCA4035D6C952DF4DB7EE5808B20
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                                          • Opcode ID: d71e4b7b1744fd061dd4f171bedf68f3ca03f3e9821f53b1d0028571ae7a1026
                                                                                                                                                                                                          • Instruction ID: 6176e9408c872933f1e92b44e48565602e616a2c402e7b92ea6083bf4fe4adf9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d71e4b7b1744fd061dd4f171bedf68f3ca03f3e9821f53b1d0028571ae7a1026
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30419521B0A59282FA84FF52A8019B9E392BF44BC4FC64531EDCD27BB5DE3EE1018750
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                                          • Opcode ID: 17e152b10182aed67a72398ac85b67c0f98998c656add469577b8d559d4f932d
                                                                                                                                                                                                          • Instruction ID: ad35dd374e3baea934981cd4a80ac7685fa018567c2b24dca1834469d9454788
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17e152b10182aed67a72398ac85b67c0f98998c656add469577b8d559d4f932d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C41A521A0A59286FA80EF6194015F9E392FF44784FC54532EECD27BB9DE3EE5018724
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                          • API String ID: 849930591-393685449
                                                                                                                                                                                                          • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                          • Instruction ID: ba31fc5c217dc89364841d4547c9f7909d081c00a6cd28b20192846c05cd7f07
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBD1B33290978186EBA0AFA6D4447ADB7A5FB45788F510235EE8D67BA5CF3DE040C720
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7A3B23706,?,00007FF7A3B23804), ref: 00007FF7A3B22C9E
                                                                                                                                                                                                          • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7A3B23706,?,00007FF7A3B23804), ref: 00007FF7A3B22D63
                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7A3B22D99
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                          • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                          • API String ID: 3940978338-251083826
                                                                                                                                                                                                          • Opcode ID: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                          • Instruction ID: 9953abd0e9de15fb65e3609415924e242d38217421590934457cc39a6ef49d0d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1331093370968042E660BF61B8006ABA692BF847C4F820236DFCDA7769DE3DD506C310
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A3B2DFEA,?,?,?,00007FF7A3B2DCDC,?,?,?,00007FF7A3B2D8D9), ref: 00007FF7A3B2DDBD
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7A3B2DFEA,?,?,?,00007FF7A3B2DCDC,?,?,?,00007FF7A3B2D8D9), ref: 00007FF7A3B2DDCB
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A3B2DFEA,?,?,?,00007FF7A3B2DCDC,?,?,?,00007FF7A3B2D8D9), ref: 00007FF7A3B2DDF5
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF7A3B2DFEA,?,?,?,00007FF7A3B2DCDC,?,?,?,00007FF7A3B2D8D9), ref: 00007FF7A3B2DE63
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF7A3B2DFEA,?,?,?,00007FF7A3B2DCDC,?,?,?,00007FF7A3B2D8D9), ref: 00007FF7A3B2DE6F
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                          • API String ID: 2559590344-2084034818
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                          • API String ID: 2050909247-2434346643
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7A3B2351A,?,00000000,00007FF7A3B23F23), ref: 00007FF7A3B22AA0
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                          • API String ID: 2050909247-2900015858
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                          • String ID: CONOUT$
                                                                                                                                                                                                          • API String ID: 3230265001-3130406586
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B28592
                                                                                                                                                                                                          • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B285E9
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B29400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7A3B245E4,00000000,00007FF7A3B21985), ref: 00007FF7A3B29439
                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B28678
                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B286E4
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B286F5
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B2870A
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3462794448-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B347
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B37D
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B3AA
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B3BB
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B3CC
                                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B3E7
Memory Dump Source
• Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7A3B21B6A), ref: 00007FF7A3B2295E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                          • API String ID: 2050909247-2962405886
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7A3B2918F,?,00007FF7A3B23C55), ref: 00007FF7A3B22BA0
                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7A3B22C2A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentMessageProcess
                                                                                                                                                                                                          • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                          • API String ID: 1672936522-3797743490
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7A3B21B99), ref: 00007FF7A3B22760
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                          • API String ID: 2050909247-1591803126
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF7A3B3A613,?,?,00000000,00007FF7A3B3A8AE,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3B41F
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B3A613,?,?,00000000,00007FF7A3B3A8AE,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3B43E
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B3A613,?,?,00000000,00007FF7A3B3A8AE,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3B466
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B3A613,?,?,00000000,00007FF7A3B3A8AE,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3B477
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B3A613,?,?,00000000,00007FF7A3B3A8AE,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3B488
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: verbose
                                                                                                                                                                                                          • API String ID: 3215553584-579935070
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                          • API String ID: 2395640692-1018135373
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                          • API String ID: 3896166516-3733052814
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                          • API String ID: 3544855599-2084237596
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                          • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                          • API String ID: 2030045667-255084403
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2718003287-0
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                                          • API String ID: 1286766494-1684325040
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B390B6
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9CE
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: GetLastError.KERNEL32(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9D8
                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7A3B2CC15), ref: 00007FF7A3B390D4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                          • API String ID: 3580290477-3059520164
                                                                                                                                                                                                          • Opcode ID: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                          • Instruction ID: 8b647c6e1be784f76e23b3b4dd09b9445e77fa43f6ac83a45dbf65d0c43d5752
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37419635A0AB2289F798FF25A4401BCB7A6EB447C0BD64035E98D67FA5DF3EE4418310
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                                                                          • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                          • Instruction ID: a800494ad174def5a51bd4159de8a0fe1e05862edc97d9ae002e485caf732ca1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D741D432B19A9181EBA0EF65E4443B9A761FB88784F814131EE8D97BA8EF3DD401C750
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                                          • Opcode ID: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                                          • Instruction ID: a2f69d312bd63d49a7180fa1d1f7cfe748b2af91fc9b9e43f3015c3d6386025d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C21F722A0969182FBA4AF15D04426DB3B3FB84B84FD64036D6CD63EA4DF7ED944C760
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                                                                          • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                          • Instruction ID: a2c359cddbdd7a7450ccb7e33ddbfb3309b2d44bae56f35279c8d796e1ee927c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45115B32609B8582EBA1DF25F40026AB7E1FB88B84F994231DBCD17769DF3DD5518B00
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2246109303.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246070886.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246165452.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246221911.00007FF7A3B62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2246303498.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                          • API String ID: 2595371189-336475711
                                                                                                                                                                                                          • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                          • Instruction ID: ed59c37109db945ea4bfcff21c099e1cafeb23a3d5449d0ba034455fa7f7c1c8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB01A72291E20386F7A4BF60946627EE3A1EF44744FC60136D5CD62AA1DF3EE5048B39

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                          • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                          • API String ID: 2776309574-4232158417
                                                                                                                                                                                                          • Opcode ID: c0a66ebca772141f760a29a0dd77fc68e5502f7a94feb123d2d63e937376cc0c
                                                                                                                                                                                                          • Instruction ID: 53ce9c9849c80e0d2636dd54c143d3d4c0c5048146af0c50f8aba3672211b58f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0a66ebca772141f760a29a0dd77fc68e5502f7a94feb123d2d63e937376cc0c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B32C321A0E6C251FA95FFA094557B9A253AF44780FC64232EACD632F6DF3EE554C320
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: D_sizeO_memcmpR_flagsX_cipherX_md
                                                                                                                                                                                                          • String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT
                                                                                                                                                                                                          • API String ID: 2456506815-3985260174
                                                                                                                                                                                                          • Opcode ID: ff63ad79296eaf92fcf052475543cb04908749e2f6ca8c1875eeda6e67615c47
                                                                                                                                                                                                          • Instruction ID: 8b9fb621b0aa5b665f54e60fc4fb164516e5b97568cfa14f795cd48c9b13eff1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff63ad79296eaf92fcf052475543cb04908749e2f6ca8c1875eeda6e67615c47
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB72AD72B0864A86FB608F19D4447BA37A9EB84BC9F184175DB8D4BB96CF7DE580C700

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256$ssl3-md5$ssl3-sha1
                                                                                                                                                                                                          • API String ID: 1767461275-1115027282
                                                                                                                                                                                                          • Opcode ID: f52f689ef5e56a451a8d4ca604dbf800eb249abd5a24eef8a10b397656324fe4
                                                                                                                                                                                                          • Instruction ID: 589fb54e3fb95a502b1faac8571b7c8bbc5226830cdf713669c331ac5d6fcd04
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f52f689ef5e56a451a8d4ca604dbf800eb249abd5a24eef8a10b397656324fe4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6A14972A0AB8281FB60DF29E4553B826A0EF44B88F4801B5DB8D5B7D6EF3CE555C310

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$L_sk_free$L_sk_pop_free$E_free$D_lock_freeE_finishH_freeO_free_ex_dataO_secure_freeX509_
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 4271332762-1080266419
                                                                                                                                                                                                          • Opcode ID: 7a1cef35fcc74aa7a62b6b196fe9f4732b55003a8abf51a64f85266db3aec730
                                                                                                                                                                                                          • Instruction ID: 3ebd7cb8ce3997da4a6c5a5c5751ce9553dc9d5e8cbc81de596f1f8bcb5716a0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a1cef35fcc74aa7a62b6b196fe9f4732b55003a8abf51a64f85266db3aec730
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3410C62E1AA8291EB64EF3ED4557FC2321EB84BC8F0451B1EF0D4F2A6CE6CE5458350

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
• Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pop_freeX509X509_freed2i_
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                          • API String ID: 1068509327-1507966698
                                                                                                                                                                                                          • Opcode ID: 7d81409ced07da4c62dc47a3620ad54cac8200b5420088f0f84b8d5179918789
                                                                                                                                                                                                          • Instruction ID: bea5f374661f47692837368625ec6aa049e2664c7a2ea388ce17664a9805aaa6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d81409ced07da4c62dc47a3620ad54cac8200b5420088f0f84b8d5179918789
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EE1B072B08A8186E760DB1AE4406AD7BA9EB84BD4F0C4175EF8C4BB95DF3DE551CB00

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1617910340-0
                                                                                                                                                                                                          • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                          • Instruction ID: 9cf020fd2218fdc4c688cda461dca8970ef47dab443255f969903b25981f88fc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63C1F236B29A5186FB90EF64C4812AC7762F748B98B424235DFAEA77E4CF39D411C310
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
• Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: D_run_once$R_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_init.c
                                                                                                                                                                                                          • API String ID: 511881677-1166085723
                                                                                                                                                                                                          • Opcode ID: fd329f3d3c4ac018813aac7fd218cde1706058dba49e64e5e4a2f582db8a53f4
                                                                                                                                                                                                          • Instruction ID: 12fa457ac9f9b8e34aed84265c3294ad33973386110f6274d2b174e64c309b1b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd329f3d3c4ac018813aac7fd218cde1706058dba49e64e5e4a2f582db8a53f4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C22126A9F096039AFA119B2DE8442B926A1AFD03C4F4541B5DB0D832E5EF3DE9568B00
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                          • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                          • Instruction ID: bcddbf3ea577ed54b8022e2992a5134d83d4a1726061a69f7582b6174296c77d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DF0CD22629781C7F7E09F90B449B66B351AB48324F450335DAED116E4DF3DD1588710
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PyImport_Import.PYTHON310(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00007FF8B7828F29), ref: 00007FF8B7832132
                                                                                                                                                                                                          • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00007FF8B7828F29), ref: 00007FF8B783215D
                                                                                                                                                                                                          • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00007FF8B7828F29), ref: 00007FF8B78321A5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
• Associated: 00000002.00000002.2237222809.00007FF8B7820000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.2237289405.00007FF8B7835000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.2237332601.00007FF8B783B000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.2237368731.00007FF8B783F000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b7820000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Dealloc$ImportImport_
                                                                                                                                                                                                          • String ID: <module>
                                                                                                                                                                                                          • API String ID: 2397823689-217463007
                                                                                                                                                                                                          • Opcode ID: 4b8dbb5d4d9357086519af80a4166a2e12286026398b66c1b9eb52724a73e3ac
                                                                                                                                                                                                          • Instruction ID: 351309aea59f036158d1b16c0cf8c7eda7142c81a700c387eb5798f0483473a0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b8dbb5d4d9357086519af80a4166a2e12286026398b66c1b9eb52724a73e3ac
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6C2F165B89B4785FA119B2DE8542BC2BA0BF4CBD6F464835EB4D177B0EF3CA5418308

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
• Associated: 00000002.00000002.2237222809.00007FF8B7820000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.2237289405.00007FF8B7835000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.2237332601.00007FF8B783B000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.2237368731.00007FF8B783F000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b7820000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Module_$AttrCreate2DeallocDictObject_String
                                                                                                                                                                                                          • String ID: __name__
                                                                                                                                                                                                          • API String ID: 2272293537-3954359393
                                                                                                                                                                                                          • Opcode ID: 2b567a7c881d963cd7303037faac8015580bb144e77f0881aa286837176c8575
                                                                                                                                                                                                          • Instruction ID: 7a24180b85561587ac8da444b42a460bdbc63fd725e2a561f28bbbde41eb6415
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b567a7c881d963cd7303037faac8015580bb144e77f0881aa286837176c8575
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B571D235F8AB0685FE558B6DB84423C3BA4BF98BD2F4A4935EB1D52670DF3DA4418308

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
• Associated: 00000002.00000002.2237222809.00007FF8B7820000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.2237289405.00007FF8B7835000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.2237332601.00007FF8B783B000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.2237368731.00007FF8B783F000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b7820000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Dealloc$ItemObject_$Err_FormatFromImportObjectUnicode_$AttrClearDict_ErrorFilenameImport_LevelModuleModule_
                                                                                                                                                                                                          • String ID: %U.%U$cannot import name %R from %R (%S)
                                                                                                                                                                                                          • API String ID: 3630264407-438398067
                                                                                                                                                                                                          • Opcode ID: b9d92fd51dd81396953d85bf7560aa1763baa6a1e8264a02926bb4c6a25205f7
                                                                                                                                                                                                          • Instruction ID: 5b24b8b9d667e197236939eaed76432445b1d26dd1fd1bc585b3b0ddab3f1e49
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9d92fd51dd81396953d85bf7560aa1763baa6a1e8264a02926bb4c6a25205f7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB418E62B49B8281EA149B2EA80467E6BA0FB49FC6F554434DF4D47774DF3CE8458318

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B27F80: _fread_nolock.LIBCMT ref: 00007FF7A3B2802A
                                                                                                                                                                                                          • _fread_nolock.LIBCMT ref: 00007FF7A3B21A1B
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7A3B21B6A), ref: 00007FF7A3B2295E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                          • API String ID: 2397952137-3497178890
                                                                                                                                                                                                          • Opcode ID: c8a0a089e3ca590a9fb52c076af70129de3e5917c30b35a6c99145ef6d8afee0
                                                                                                                                                                                                          • Instruction ID: 4c985985b847523fd6c12ff3a3e9cf7e235490be1990d3d1de967c07aaedcfe8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8a0a089e3ca590a9fb52c076af70129de3e5917c30b35a6c99145ef6d8afee0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1081C471A0E6C286E7A0FF54D0416F9A3A2EF44780F864131EACD67BB5DE3EE1458720

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                                                                          • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                          • Instruction ID: 1ec7627d4a297d747e848d78c5bb03259351a33882b051fb626e2e4ead7c5561
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD5107266047A187D6749F26F4181BAF7A2F798B61F004125EBDE43794DF3DD045CB20

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
• Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$ErrorLastM_freeM_growR_clear_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                          • API String ID: 2562538362-2512360314
                                                                                                                                                                                                          • Opcode ID: c423cf16d77320108833097ff1234d8dd5fd3483e75dff8cff7ba81126dd7a66
                                                                                                                                                                                                          • Instruction ID: 59b0fb237d0dcdfb32fec8fc8da66f37ec29d3996283a384d4e0fc8265a6395e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c423cf16d77320108833097ff1234d8dd5fd3483e75dff8cff7ba81126dd7a66
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAB17D72A08B4286FB649F29C4403B937A9EB51BC8F1C80B5DB4947695CF3DE885DB81
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: memcpy$O_clear_flagsO_set_flags
                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number
                                                                                                                                                                                                          • API String ID: 1692547093-34800109
                                                                                                                                                                                                          • Opcode ID: 3f7b08efb40acede6e7db4cb099754d1f20ad0c872ddb133913668b6976d7c20
                                                                                                                                                                                                          • Instruction ID: 7f02ed5938fb81c693fae1bde30a5934b3277b477f97f06d44f9e95c4c4482a1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f7b08efb40acede6e7db4cb099754d1f20ad0c872ddb133913668b6976d7c20
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B42ACB2B086828AEB788F19E5407BE7AA0FB457E4F144175DB9E47B90DF3DE4918700

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                                          • Opcode ID: 689d6d22bbbe0075ee184b511634bee4b9e22409f5343f22a468899a6fe372b6
                                                                                                                                                                                                          • Instruction ID: ad35dd374e3baea934981cd4a80ac7685fa018567c2b24dca1834469d9454788
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 689d6d22bbbe0075ee184b511634bee4b9e22409f5343f22a468899a6fe372b6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C41A521A0A59286FA80EF6194015F9E392FF44784FC54532EECD27BB9DE3EE5018724

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                          • API String ID: 2050909247-2813020118
                                                                                                                                                                                                          • Opcode ID: 6d5808cc0d1dceb6cab22bc5ec620fda501ad4cc24dd5ec08cb7c541ead490ed
                                                                                                                                                                                                          • Instruction ID: abee2a252b6583f0299ea6bfa252d85ab537f802ea849ed4ad626dc088f10ecc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d5808cc0d1dceb6cab22bc5ec620fda501ad4cc24dd5ec08cb7c541ead490ed
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB51E622A0A68281E6A4FF51A4007BAE292BF85794FC54231EDCD67BF5DE3DE505C710

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF7A3B23804), ref: 00007FF7A3B236E1
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B23804), ref: 00007FF7A3B236EB
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7A3B23706,?,00007FF7A3B23804), ref: 00007FF7A3B22C9E
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7A3B23706,?,00007FF7A3B23804), ref: 00007FF7A3B22D63
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22C50: MessageBoxW.USER32 ref: 00007FF7A3B22D99
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                          • API String ID: 3187769757-2863816727
                                                                                                                                                                                                          • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                          • Instruction ID: abf5afe994366ca9a260bd1075303f90bb5c3ed1f160f21507332d6845244ae8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC21B651B0E58251FAE0BF60E801BB5A252BF84744FC10332E5DDA65F5EE3EE204C724
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                          • API String ID: 2050909247-2434346643
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: memcpy$ErrorLastO_read
                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_s3.c
                                                                                                                                                                                                          • API String ID: 1958097105-2209325370
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • BUF_MEM_grow_clean.LIBCRYPTO-1_1(?,?,?,00000000,?,-00000031,00007FF8B61B6A4D), ref: 00007FF8B61B6431
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: M_grow_clean
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                          • API String ID: 964628749-2512360314
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: C_get_current_jobR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 4281227279-1080266419
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233773817.00007FF8A8611000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8610000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: freemalloc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3061335427-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,00000000,?,00007FF8B61B6A65), ref: 00007FF8B61B70C8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                          • API String ID: 1767461275-2512360314
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1231514297-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1231514297-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9CE
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9D8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,00007FF7A3B3AA45,?,?,00000000,00007FF7A3B3AAFA), ref: 00007FF7A3B3AC36
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7A3B3AA45,?,?,00000000,00007FF7A3B3AAFA), ref: 00007FF7A3B3AC40
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_ctrl
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3605655398-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3947729631-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1767461275-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_ctrl
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3605655398-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B29400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7A3B245E4,00000000,00007FF7A3B21985), ref: 00007FF7A3B29439
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00007FF7A3B26466,?,00007FF7A3B2336E), ref: 00007FF7A3B29092
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2592636585-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233773817.00007FF8A8611000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8610000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8610000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3978063606-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF7A3B30D00,?,?,?,00007FF7A3B3236A,?,?,?,?,?,00007FF7A3B33B59), ref: 00007FF7A3B3D6AA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                          • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                          • API String ID: 3832162212-3165540532
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: E_finishY_asn1_find_strY_asn1_get0_info$J_nid2sn$D_sizeP_get_cipherbynameP_get_digestbyname
                                                                                                                                                                                                          • String ID: `$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512
                                                                                                                                                                                                          • API String ID: 3257371973-344903700
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$X509_get0_pubkeyX_freeX_new
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                                          • API String ID: 1476775391-2839845709
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$O_ctrlO_newO_s_fileR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 775051240-2723262194
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: X_freeY_free$DigestSign$InitO_memcmpP_sha256X_newY_new_raw_private_key
                                                                                                                                                                                                          • String ID: $..\s\ssl\statem\extensions_srvr.c
                                                                                                                                                                                                          • API String ID: 1001666065-1533168471
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pop_freeX509X509_freed2i_
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                          • API String ID: 1068509327-348624464
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeX_freeX_new
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                                          • API String ID: 419883019-2839845709
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$L_cleanse$D_lock_freeL_sk_pop_freeO_clear_freeO_free_ex_dataX509_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                          • API String ID: 4155952050-2868363209
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_strdup$O_memdup$D_lock_newO_dup_ex_dataO_mallocR_put_errorX509_chain_up_refX509_up_ref
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                          • API String ID: 101854310-2868363209
                                                                                                                                                                                                          • Opcode ID: d17860a991c12f4e7e514c101f9d794b8aebc88e1213757499e89d27d893f965
                                                                                                                                                                                                          • Instruction ID: 9904b6469748609697a83658d291eda2cb36d7d8959445116bec842a28a5dac5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d17860a991c12f4e7e514c101f9d794b8aebc88e1213757499e89d27d893f965
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11A12E22A1ABC282EB55DF28E5503F833A0FF54788F085275DF5C16666EF38E194D720
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: X_iv_lengthmemcpy
                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_record_tls13.c$M
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • X509_get0_pubkey.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_clnt.c,?,?,?,00007FF8B61BC337), ref: 00007FF8B61BB78F
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: X509_get0_pubkey
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: N_free$O_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_mallocR_put_error$O_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c$R
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3719493655-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 313767242-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$X_free$memcpy
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                          • API String ID: 1711549817-3140652063
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B2841B
                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B2849E
                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B284BD
                                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B284CB
                                                                                                                                                                                                          • FindClose.KERNEL32(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B284DC
                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF7A3B28B09,00007FF7A3B23FA5), ref: 00007FF7A3B284E5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                          • String ID: %s\*
                                                                                                                                                                                                          • API String ID: 1057558799-766152087
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_clear_flagsO_freeO_get_dataO_get_initO_get_shutdownO_set_init
                                                                                                                                                                                                          • String ID: ..\s\ssl\bio_ssl.c
                                                                                                                                                                                                          • API String ID: 3531300166-4039210333
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeY_free$Y_get1_tls_encodedpoint
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c
                                                                                                                                                                                                          • API String ID: 3595761781-1853348325
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: N_bin2bnN_is_zeroN_ucmpO_freeO_strdup
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                          • API String ID: 3996552382-348624464
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45CB5
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B45608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B4561C
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9CE
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: GetLastError.KERNEL32(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9D8
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7A3B3A94F,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3A979
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7A3B3A94F,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3A99E
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45CA4
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B45668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B4567C
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F1A
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F2B
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F3C
                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7A3B4617C), ref: 00007FF7A3B45F63
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4070488512-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeO_malloc
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                          • API String ID: 2609694610-592572767
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_reallocR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 1389097454-1080266419
                                                                                                                                                                                                          • Opcode ID: b330547daaa1f886599e092ee754333c3e7c8a3a100f5c4aead87d2254576b0c
                                                                                                                                                                                                          • Instruction ID: 20d49baef62c9e673c43141dd05da002904be8ae045036b2d8a0cda113f82d08
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b330547daaa1f886599e092ee754333c3e7c8a3a100f5c4aead87d2254576b0c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F41D073B097C6A7E626CB29A9002AAA790FB45BD8F444171EF9C03790DF3CE566C700
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$Y_freeY_get1_tls_encodedpoint
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                          • API String ID: 4042585043-592572767
                                                                                                                                                                                                          • Opcode ID: de9781925f92abacbd6d7d16ef06a0f73eb5c048de4f1134ebcfadaa8664293f
                                                                                                                                                                                                          • Instruction ID: a78ea56d18a74ad8e2b500fb820b93124764be873ad774ca85d1afd266497a71
                                                                                                                                                                                                          • Opcode Fuzzy Hash: de9781925f92abacbd6d7d16ef06a0f73eb5c048de4f1134ebcfadaa8664293f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B541D171B0EB5181EB609B1AE44437A6BA1FB85BD0F044071EF8C07B96CF3DD5458704
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2227656907-0
                                                                                                                                                                                                          • Opcode ID: 2ef3c37f04818ead7d44404f95bcb0bbc346a7a2ea351082cea4bee254bbf61c
                                                                                                                                                                                                          • Instruction ID: fe6692428a1571d5511293155c3455b67f4a27c45399d9a8607adb8416462d1b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ef3c37f04818ead7d44404f95bcb0bbc346a7a2ea351082cea4bee254bbf61c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9EB1B522F5A69241FAA1EF2194001B9E352EB44BD4F964131DEDE27BF5EE3DE441C314
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CRYPTO_realloc.LIBCRYPTO-1_1(?,?,?,00007FF8B61AFC0A,?,?,?,00007FF8B61AF6DE), ref: 00007FF8B61AFA05
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_realloc
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c$3$t3
                                                                                                                                                                                                          • API String ID: 3931833713-171970420
                                                                                                                                                                                                          • Opcode ID: 35ff359d2387d8de8349f39b0a6f1015210611ba30c35afaa5d98352b1cdd542
                                                                                                                                                                                                          • Instruction ID: 2ff19ebf4de59662ee76a9496767427a9ad64cfd3c54ad2b2063f75f7a08b989
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35ff359d2387d8de8349f39b0a6f1015210611ba30c35afaa5d98352b1cdd542
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26418D72A08B8299EAA48F1D9580239A7A4EB48BD4F144172EF9D437A4DF3DE496C700
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free$O_newO_s_fileO_strdupR_clear_errorR_put_errorX509_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_conf.c$gfffffff
                                                                                                                                                                                                          • API String ID: 3738848979-4123734156
                                                                                                                                                                                                          • Opcode ID: 49680231bb8a1bcf174b3ca4e19a91868c58b19882ede3bea0cb7ddf647a651c
                                                                                                                                                                                                          • Instruction ID: 48673c11a5a938c3464c57a87499c145dbe6fa332ce6d47776eb5a42906f46e1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49680231bb8a1bcf174b3ca4e19a91868c58b19882ede3bea0cb7ddf647a651c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63219AA6B1AB4685EE58DF2BE44126927A1EB88FC0F184075EF0E87799DE28E4418341
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeO_strdupR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 626504629-1080266419
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_zallocR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\packet.c$b
                                                                                                                                                                                                          • API String ID: 2718799170-1717309047
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_mallocR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                          • API String ID: 2513334388-1306860146
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F1A
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B45668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B4567C
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F2B
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B45608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B4561C
                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7A3B45F3C
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B45638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B4564C
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9CE
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: GetLastError.KERNEL32(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9D8
                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7A3B4617C), ref: 00007FF7A3B45F63
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3458911817-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: D_unlockD_write_lockH_deleteH_retrieve
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3040165603-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: D_unlockD_write_lockH_deleteH_retrieve
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3040165603-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeO_malloc
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                          • API String ID: 2609694610-592572767
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_memdupR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 1048774365-1080266419
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                          • API String ID: 2581946324-1507966698
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_clear_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$;
                                                                                                                                                                                                          • API String ID: 2011826501-2335744092
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                          • API String ID: 2581946324-3973221358
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                          • String ID: D:\_w\1\s\ssl\packet_local.h
                                                                                                                                                                                                          • API String ID: 3962629258-1466776524
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                          • String ID: D:\_w\1\s\ssl\packet_local.h
                                                                                                                                                                                                          • API String ID: 3962629258-1466776524
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_mallocR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\pqueue.c
                                                                                                                                                                                                          • API String ID: 2513334388-354262084
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_freeO_strdup
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                          • API String ID: 2148955802-2868363209
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_strdup
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                          • API String ID: 1296259186-592572767
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                                          • API String ID: 2581946324-837614940
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                          • API String ID: 2581946324-1165805907
                                                                                                                                                                                                          • Opcode ID: 6fcf97e0e485f858be2a418afd2634a575a1e3c18819c7da17e24f1c4680f394
                                                                                                                                                                                                          • Instruction ID: 2242435fbb14a2a6f86621b7ceabd3dc7c2a1f05ede862c989d7b5d3527e7ce1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fcf97e0e485f858be2a418afd2634a575a1e3c18819c7da17e24f1c4680f394
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAE012A2F03A4049E7D09B69D84639422A5EB4D794F580070DF0CC7B82EE3A85A58314
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: D_unlockD_write_lock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1724170673-0
                                                                                                                                                                                                          • Opcode ID: 4f8bad9adfda131536376350bb6b9145db97e2bd6f149847afcdee69e0a3b2eb
                                                                                                                                                                                                          • Instruction ID: db8e6772da6714a689603a0ca01a377fbfa25997feed0ab7ec8f31f2bde3b821
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f8bad9adfda131536376350bb6b9145db97e2bd6f149847afcdee69e0a3b2eb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09E08662F1968292E7599B29E5592B86224FB8C7C0F584070FF5D87792DE28E5618300
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_memcmp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2788248766-0
                                                                                                                                                                                                          • Opcode ID: fd7f3047172d3ad62f625afd67d83b8d4831cbab27d22cc9d9314919d5c5ee02
                                                                                                                                                                                                          • Instruction ID: b2337fe816f0bf6aa25e97b2aef89e62dfb2e40184642034060cb9219035fa2c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd7f3047172d3ad62f625afd67d83b8d4831cbab27d22cc9d9314919d5c5ee02
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AD0A916F0750282EA98B73E899B0A802C0AB807D0FA880B4EA0DC2A81DD0CD8AB4601
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_memcmp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2788248766-0
                                                                                                                                                                                                          • Opcode ID: fd7f3047172d3ad62f625afd67d83b8d4831cbab27d22cc9d9314919d5c5ee02
                                                                                                                                                                                                          • Instruction ID: 5e3cf13f836e0c6b50a615915792b5317295fffba3f88006e4363002b6607142
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd7f3047172d3ad62f625afd67d83b8d4831cbab27d22cc9d9314919d5c5ee02
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DD0C916F4750282E698B77E89AB1A902D49B847D0FA880B4EA0DC2A91DD1DE9AB5601
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25830
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25842
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25879
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B2588B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B258A4
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B258B6
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B258CF
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B258E1
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B258FD
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B2590F
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B2592B
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B2593D
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25959
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B2596B
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25987
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B25999
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B259B5
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7A3B264BF,?,00007FF7A3B2336E), ref: 00007FF7A3B259C7
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressErrorLastProc
                                                                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                          • API String ID: 199729137-653951865
                                                                                                                                                                                                          • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                          • Instruction ID: 6673b4ff94afab7c149fcb68319ab9c0c0169d50e5bf7f93c46953a48c2e96d6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5122AA20A0FB4BE2FAD5FF55A814574E366AF04B41BC61136C9DE22370EF7EB5488225
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressErrorLastProc
                                                                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: P_add_cipher$P_add_digest$E_addE_finishY_asn1_find_strY_asn1_get0_info$D_run_onceJ_nid2snP_aes_256_cbcP_get_digestbynameP_md5P_sha1P_sha256
                                                                                                                                                                                                          • String ID: MD5$RSA-SHA1$RSA-SHA1-2$SHA1$ssl3-md5$ssl3-sha1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b7820000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Err_Format$DeallocDict_$ContainsItemSequence_Tuple_
                                                                                                                                                                                                          • String ID: %.200s%s missing required argument '%U' (pos %d)$%.200s%s missing required keyword-only argument '%U'$%.200s%s takes %s %d positional argument%s (%zd given)$%.200s%s takes at most %d %sargument%s (%zd given)$%.200s%s takes no positional arguments$'%S' is an invalid keyword argument for %.200s%s$argument for %.200s%s given by name ('%U') and position (%d)$at least$at most$exactly$function$keyword $this function
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A26E6
                                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A270B
                                                                                                                                                                                                          • OPENSSL_sk_value.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A2719
                                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A273E
                                                                                                                                                                                                          • X509_get_pubkey.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A2752
                                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A27A1
                                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A27C7
                                                                                                                                                                                                          • EVP_PKEY_missing_parameters.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A27D4
                                                                                                                                                                                                          • EVP_PKEY_missing_parameters.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A27E0
                                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A2808
                                                                                                                                                                                                          • EVP_PKEY_missing_parameters.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A281A
                                                                                                                                                                                                          • EVP_PKEY_copy_parameters.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A2829
                                                                                                                                                                                                          • EVP_PKEY_cmp.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A2834
                                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A2861
                                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A28B5
                                                                                                                                                                                                          • X509_chain_up_ref.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A28C7
                                                                                                                                                                                                          • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A28F1
                                                                                                                                                                                                          • OPENSSL_sk_pop_free.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A2913
                                                                                                                                                                                                          • X509_free.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A293F
                                                                                                                                                                                                          • X509_up_ref.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A2947
                                                                                                                                                                                                          • EVP_PKEY_free.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A296E
                                                                                                                                                                                                          • EVP_PKEY_up_ref.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A2976
                                                                                                                                                                                                          • EVP_PKEY_free.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FF8B61A1AE7), ref: 00007FF8B61A29BA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$Y_missing_parameters$L_sk_numY_free$L_sk_pop_freeL_sk_valueX509_chain_up_refX509_freeX509_get_pubkeyX509_up_refY_cmpY_copy_parametersY_up_ref
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Digest$Update$Final_exX_copy_exX_freememcpy$D_sizeR_flagsX_cipherX_mdX_new
                                                                                                                                                                                                          • String ID: 666666666666666666666666666666666666666666666666\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: X_ctrl$X_free$D_sizeR_put_errorX_new_idY_derive_init
                                                                                                                                                                                                          • String ID: ..\s\ssl\tls13_enc.c$U$W$tls13
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b7820000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Dealloc$Object_$CompareContainsErr_FormatMethodNumber_RichSet_SubtypeType_Vectorcall
                                                                                                                                                                                                          • String ID: bool$feed$set
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unicode_$Equal$Arg_Ready$ArgumentCheckMallocMem_PositionalSubtypeType_
                                                                                                                                                                                                          • String ID: argument 1$argument 2$invalid normalization form$normalize$str
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B29400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7A3B245E4,00000000,00007FF7A3B21985), ref: 00007FF7A3B29439
                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7A3B288A7,?,?,00000000,00007FF7A3B23CBB), ref: 00007FF7A3B2821C
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22810: MessageBoxW.USER32 ref: 00007FF7A3B228EA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                          • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free_allO_int_ctrlO_newO_nextO_popO_pushO_s_socketO_up_refR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                          • API String ID: 2050909247-1550345328
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b7820000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Dealloc$Err_$AttrDict_Object_String$ClearExceptionItemMatches
                                                                                                                                                                                                          • String ID: __mypyc_attrs__$__mypyc_attrs__ is not a tuple
                                                                                                                                                                                                          • API String ID: 2346549887-4201147154
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Module_$Dealloc$ObjectObject_$Capsule_ConstantFromMallocMem_SpecStringTrackTypeType_
                                                                                                                                                                                                          • String ID: 13.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                          • API String ID: 288921926-2302946913
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Arg_Unicode_$ArgumentCheckDigitErr_FromLongLong_PositionalReadyString
                                                                                                                                                                                                          • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                          • API String ID: 2437920334-4278345224
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                          • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                          • API String ID: 3975851968-2863640275
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$Y_new
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c$o
                                                                                                                                                                                                          • API String ID: 2632022502-2060984337
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Y_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                          • API String ID: 1282063954-348624464
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unicode_$Equal$CompareDeallocErr_ReadyString
                                                                                                                                                                                                          • String ID: invalid normalization form
                                                                                                                                                                                                          • API String ID: 3010910608-2281882113
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Arg_$ArgumentReadyUnicode_$CheckPositional
                                                                                                                                                                                                          • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                          • API String ID: 396090033-184702317
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: -$:$f$p$p
                                                                                                                                                                                                          • API String ID: 3215553584-2013873522
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: f$f$p$p$f
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c$SECLEVEL=$STRENGTH
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: , value=$..\s\ssl\ssl_conf.c$cmd=
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetTempPathW.KERNEL32(?,?,00000000,00007FF7A3B23CBB), ref: 00007FF7A3B288F4
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7A3B23CBB), ref: 00007FF7A3B288FA
                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000,00007FF7A3B23CBB), ref: 00007FF7A3B2893C
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28A20: GetEnvironmentVariableW.KERNEL32(00007FF7A3B2388E), ref: 00007FF7A3B28A57
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7A3B28A79
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B382A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B382C1
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B22810: MessageBoxW.USER32 ref: 00007FF7A3B228EA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error$Y_new
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237222809.00007FF8B7820000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237289405.00007FF8B7835000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237332601.00007FF8B783B000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237368731.00007FF8B783F000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b7820000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Object_$DeallocErr_Object$ArgsAttrCallInstance
                                                                                                                                                                                                          • String ID: eligible
                                                                                                                                                                                                          • API String ID: 2838319001-1278981203
                                                                                                                                                                                                          • Opcode ID: 8d0f5874ec826c0ea1a04439bcab145a26b0fabb4b6a36d278dd4050dcab920c
                                                                                                                                                                                                          • Instruction ID: 7c3ed878ed5efc9c87143a7c2d48e604e44f5edfd94b8fe5dc1836fcba829b23
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d0f5874ec826c0ea1a04439bcab145a26b0fabb4b6a36d278dd4050dcab920c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41112760B89B0686FA549B2FEC5813D2BA0AF4DFD2F095030EE1E17374EE2CE4458318
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_free_allO_next$O_popO_pushO_up_ref
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1496992895-0
                                                                                                                                                                                                          • Opcode ID: d03d8840c3fbb8b9c54e59ae80f638f519a9124658c3b799017e53a6aa270323
                                                                                                                                                                                                          • Instruction ID: 578ec2a864ea22abd5cb03d465d1aa690c74849eb90a4bd3b812ba968ed32e08
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d03d8840c3fbb8b9c54e59ae80f638f519a9124658c3b799017e53a6aa270323
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90313E22F0B641C1EFA8AF19D1511386360FF84BC4B1514B1EF9E07BC9DE29E8568341
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: P_resp_count$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_put_errorT_freed2i_
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4245524859-0
                                                                                                                                                                                                          • Opcode ID: c62a8b4eb6d9856d38cd459085609c2473b8b5396092d49879e368d50c324ca5
                                                                                                                                                                                                          • Instruction ID: 151f743ee35accfe48b6462eadc5707410a7a795831a25022785e6271865ddfa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c62a8b4eb6d9856d38cd459085609c2473b8b5396092d49879e368d50c324ca5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3521B311F0E75282FE64A76EA4513BA16D0AF89BC4F4480B5EF4D87BD6EE6DE4028740
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                          • API String ID: 849930591-393685449
                                                                                                                                                                                                          • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                          • Instruction ID: ba31fc5c217dc89364841d4547c9f7909d081c00a6cd28b20192846c05cd7f07
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBD1B33290978186EBA0AFA6D4447ADB7A5FB45788F510235EE8D67BA5CF3DE040C720
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_new
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$No ciphers enabled for max supported SSL/TLS version$n
                                                                                                                                                                                                          • API String ID: 458078758-706774904
                                                                                                                                                                                                          • Opcode ID: 2e01c01044a4d995802bfc430c0eb289d3696b1ae998ba6a96851d3107d2c4a9
                                                                                                                                                                                                          • Instruction ID: bdc4a64542e3226c1d5891cdb197f9f01bdfff3212109f2f95cc367d0f0a71d8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e01c01044a4d995802bfc430c0eb289d3696b1ae998ba6a96851d3107d2c4a9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02617B72A08A8295E7909F29D4803BD2BA0FB85BC8F185175DF4E8B795DF3CE489C704
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233136958.00007FF8A84F0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A84F6000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A8552000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A859E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A85A2000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A85FB000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233636447.00007FF8A85FF000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233672830.00007FF8A8601000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                          • String ID: a unicode character$argument$category
                                                                                                                                                                                                          • API String ID: 2803103377-2068800536
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF7A3B3F11A,?,?,-00000018,00007FF7A3B3ADC3,?,?,?,00007FF7A3B3ACBA,?,?,?,00007FF7A3B35FAE), ref: 00007FF7A3B3EEFC
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF7A3B3F11A,?,?,-00000018,00007FF7A3B3ADC3,?,?,?,00007FF7A3B3ACBA,?,?,?,00007FF7A3B35FAE), ref: 00007FF7A3B3EF08
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                          • API String ID: 3013587201-537541572
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                          • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                          • API String ID: 2803103377-2110215792
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7A3B23706,?,00007FF7A3B23804), ref: 00007FF7A3B22C9E
                                                                                                                                                                                                          • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7A3B23706,?,00007FF7A3B23804), ref: 00007FF7A3B22D63
                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7A3B22D99
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                          • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                          • API String ID: 3940978338-251083826
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FromStringUnicode_$S_snprintfSizeSubtypeType_memcpy
                                                                                                                                                                                                          • String ID: $%04X
                                                                                                                                                                                                          • API String ID: 762632776-4013080060
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                          • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                          • API String ID: 3097524968-4001128513
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                          • String ID: a unicode character$argument$combining
                                                                                                                                                                                                          • API String ID: 3097524968-4202047184
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
• Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 2618924202-2723262194
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: D_sizeDigestFinal_exX_copy_exX_freeX_mdX_new
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 2082763299-1080266419
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_popL_sk_push$L_sk_new_nullR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 531138727-1080266419
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_f_bufferO_int_ctrlO_newO_push
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 1655923927-1080266419
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: J_nid2sn$D_sizeP_get_cipherbynameP_get_digestbynameR_block_sizeR_flagsR_iv_length
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4211416117-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_num$E_dupL_sk_new_nullL_sk_valueX509_
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3273602126-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_end
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 227901110-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_valueR_add_error_data
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$No ciphers enabled for max supported SSL/TLS version
                                                                                                                                                                                                          • API String ID: 2496138956-1190228026
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,00007FF8B61BDDAD), ref: 00007FF8B61C07D5
                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,00007FF8B61BDDAD), ref: 00007FF8B61C07F3
                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,00007FF8B61BDDAD), ref: 00007FF8B61C080D
                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,00007FF8B61BDDAD), ref: 00007FF8B61C0826
                                                                                                                                                                                                          • X509_get0_pubkey.LIBCRYPTO-1_1(?,?,00000000,00000000,?,00007FF8B61BDDAD), ref: 00007FF8B61C0865
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: N_bin2bn$X509_get0_pubkey
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                          • API String ID: 3650846462-1507966698
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Y_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                          • API String ID: 1282063954-348624464
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: H_freeN_free$H_newH_set0_pqgY_security_bits
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3535209601-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b7820000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Err_String
                                                                                                                                                                                                          • String ID: 'TooManyAccentuatedPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'TooManyAccentuatedPlugin' undefined$int
                                                                                                                                                                                                          • API String ID: 1450464846-2022335554
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_valueX509_i2d_
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$2
                                                                                                                                                                                                          • API String ID: 3754435392-3488551833
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                          • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                          • API String ID: 3545102714-2474051849
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                          • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                          • API String ID: 3545102714-2385192657
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                          • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                          • API String ID: 3545102714-4190364640
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A3B2DFEA,?,?,?,00007FF7A3B2DCDC,?,?,?,00007FF7A3B2D8D9), ref: 00007FF7A3B2DDBD
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7A3B2DFEA,?,?,?,00007FF7A3B2DCDC,?,?,?,00007FF7A3B2D8D9), ref: 00007FF7A3B2DDCB
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A3B2DFEA,?,?,?,00007FF7A3B2DCDC,?,?,?,00007FF7A3B2D8D9), ref: 00007FF7A3B2DDF5
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF7A3B2DFEA,?,?,?,00007FF7A3B2DCDC,?,?,?,00007FF7A3B2D8D9), ref: 00007FF7A3B2DE63
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF7A3B2DFEA,?,?,?,00007FF7A3B2DCDC,?,?,?,00007FF7A3B2D8D9), ref: 00007FF7A3B2DE6F
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                          • API String ID: 2559590344-2084034818
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7A3B2351A,?,00000000,00007FF7A3B23F23), ref: 00007FF7A3B22AA0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                          • API String ID: 2050909247-2900015858
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 995526605-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                          • String ID: CONOUT$
                                                                                                                                                                                                          • API String ID: 3230265001-3130406586
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_txt.c
                                                                                                                                                                                                          • API String ID: 2618924202-3774725576
                                                                                                                                                                                                          • Opcode ID: 76b3cb6e15b9c940ada8efb67fb55efdeb7a6807f8422724ca33bbc732a653dc
                                                                                                                                                                                                          • Instruction ID: 5d70cf13603cff60a7efb158dc1d0aa4c59559c43ac72e28fa1f355713eff891
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76b3cb6e15b9c940ada8efb67fb55efdeb7a6807f8422724ca33bbc732a653dc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5019221F1965282E650EB29F5555BAA760AB84BC4F544070FF4C47B9ADF3CE5418B00
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B28592
                                                                                                                                                                                                          • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B285E9
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B29400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7A3B245E4,00000000,00007FF7A3B21985), ref: 00007FF7A3B29439
                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B28678
                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B286E4
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B286F5
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,00000000,00007FF7A3B29216), ref: 00007FF7A3B2870A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3462794448-0
                                                                                                                                                                                                          • Opcode ID: b2770b171440e78660be4c91fda42c27049aa369c6710ced6bdf6821ec2ad01d
                                                                                                                                                                                                          • Instruction ID: 4bc1dad00278bfedbf1bc8f36c050beb1c17289a93db50fd000ea6a7d0f56332
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b2770b171440e78660be4c91fda42c27049aa369c6710ced6bdf6821ec2ad01d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6941DD2271A6D245E6B0AF51A440AB6A396FF44BC4F860231DFCDB7BA5DE3DD401C720
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_findL_sk_value
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1561070308-0
                                                                                                                                                                                                          • Opcode ID: 49cfb41db51e2d83e384b793f50b7199427ee1d05f205d6aa40966a2a6e1666f
                                                                                                                                                                                                          • Instruction ID: 037ce2afec15ce2b4ffa81fb1bd3822415195b298c72e2b5c61be15be5148358
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49cfb41db51e2d83e384b793f50b7199427ee1d05f205d6aa40966a2a6e1666f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F41A022B0D68286EB649E2E94053797BA0BB56BD4F5C48B5DF4D8B3C9DE3DE4478300
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: GetCurrentProcess.KERNEL32 ref: 00007FF7A3B28780
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: OpenProcessToken.ADVAPI32 ref: 00007FF7A3B28793
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: GetTokenInformation.ADVAPI32 ref: 00007FF7A3B287B8
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: GetLastError.KERNEL32 ref: 00007FF7A3B287C2
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: GetTokenInformation.ADVAPI32 ref: 00007FF7A3B28802
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7A3B2881E
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B28760: CloseHandle.KERNEL32 ref: 00007FF7A3B28836
                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF7A3B23C55), ref: 00007FF7A3B2916C
                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF7A3B23C55), ref: 00007FF7A3B29175
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                          • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                          • API String ID: 6828938-1529539262
                                                                                                                                                                                                          • Opcode ID: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                          • Instruction ID: 76fa0d4d3236f4a3ac72b8783aaede26b382819edb2146c9e147ba1ff64f31a7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B218121B0A78285F780BF50E4157EAB252FF88780FC60135EA8D637A6DF3ED4008360
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B347
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B37D
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B3AA
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B3BB
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B3CC
                                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FF7A3B34F81,?,?,?,?,00007FF7A3B3A4FA,?,?,?,?,00007FF7A3B371FF), ref: 00007FF7A3B3B3E7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                          • Opcode ID: 6c88e88182f069636ae7df0ba171e708af9cab9deaf2d86c464056bb8d47fe11
                                                                                                                                                                                                          • Instruction ID: 1819e64c9c3bb0543c3b1b44a847ef4a880bbcafd1ee569b635b399332d58b07
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c88e88182f069636ae7df0ba171e708af9cab9deaf2d86c464056bb8d47fe11
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF119220B0E66282F7DCBF25564117DE1435F447A0FD24335E8AEA6FFADE6EA4018321
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7A3B21B6A), ref: 00007FF7A3B2295E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                          • API String ID: 2050909247-2962405886
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                          • String ID: a unicode character$argument$decomposition
                                                                                                                                                                                                          • API String ID: 1875788646-2471543666
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                          • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                          • API String ID: 1875788646-3913127203
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7A3B2918F,?,00007FF7A3B23C55), ref: 00007FF7A3B22BA0
                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7A3B22C2A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentMessageProcess
                                                                                                                                                                                                          • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                          • API String ID: 1672936522-3797743490
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7A3B21B99), ref: 00007FF7A3B22760
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                          • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                          • API String ID: 2050909247-1591803126
                                                                                                                                                                                                          • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                          • Instruction ID: a142615334a08d40bbd4ff4dd9e9bd6931b376a65bebaf5a47195d6d00d6082c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D21A332A1A78192E690EF50B8417E6A395EB88384F810231EECC63669DF3DD5458750
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_value
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 1603723057-1080266419
                                                                                                                                                                                                          • Opcode ID: e63cc03bb61770c23f53dcb921607a3fc9bc7c203b65f42536dfa3209a125d91
                                                                                                                                                                                                          • Instruction ID: 3996455449f9b8418bff53d462be3a8f6bbe6a8386aaa48a5e4c9f1b15fb3c99
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e63cc03bb61770c23f53dcb921607a3fc9bc7c203b65f42536dfa3209a125d91
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8521D532B0965182E750EF1DE4512EDA3B1EB88BC8F584075EB4D437A5DF3DD5868704
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newX_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                          • API String ID: 3686289451-1839494539
                                                                                                                                                                                                          • Opcode ID: 0f4537b6f273d9a57d62c9505bf84043ba7f1c198fad20582c24826d971f95aa
                                                                                                                                                                                                          • Instruction ID: 5838526dab4c4e767709abbdd624260c8db07252897d9e2bd0881f2968981aca
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f4537b6f273d9a57d62c9505bf84043ba7f1c198fad20582c24826d971f95aa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51214732B0978195EB90DF29E0903AC33A0EB89BC8F488671DF4D4B795DF39D1848700
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pushR_put_errorX509_up_ref
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                          • API String ID: 1254856836-349359282
                                                                                                                                                                                                          • Opcode ID: 4350f828ab213a4cbc624b13c2d11809c0d947b25cac28e25d23ca67d5d1a989
                                                                                                                                                                                                          • Instruction ID: 9816d1c87c70d0fcf9d14f929cd2a2a6cc399586c9996d718ea36509079d134c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4350f828ab213a4cbc624b13c2d11809c0d947b25cac28e25d23ca67d5d1a989
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64115E61B0AB8281FFA49B6EE5513B953A0AF44BC4F184575EF0C47B86DF3CE4508B00
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233136958.00007FF8A84F0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A84F6000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A8552000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A859E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A85A2000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A85FB000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233636447.00007FF8A85FF000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233672830.00007FF8A8601000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                          • String ID: not a numeric character
                                                                                                                                                                                                          • API String ID: 1034370217-2058156748
                                                                                                                                                                                                          • Opcode ID: 6f40b65d22250433ba970fef7b6fa96197446ff7b59d4b5f99bbc2bdbf8a30c1
                                                                                                                                                                                                          • Instruction ID: 84b4e3e482f02d90fce3556ce69aef4b58d8721c6eb6cc4d1d020d10b7818017
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f40b65d22250433ba970fef7b6fa96197446ff7b59d4b5f99bbc2bdbf8a30c1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95118E31E0B942A1FB649B25DA0413962A1EF44FC0F094138E94E43755DFACFC868268
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233136958.00007FF8A84F0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A84F6000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A8552000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A859E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A85A2000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233260599.00007FF8A85FB000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233636447.00007FF8A85FF000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233672830.00007FF8A8601000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                          • String ID: not a decimal
                                                                                                                                                                                                          • API String ID: 3750391552-3590249192
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Err_strncmp$DataFormatFromKindStringUnicode_
                                                                                                                                                                                                          • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                          • API String ID: 2291325159-4056717002
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                          • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                          • API String ID: 3673501854-3989975041
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b7820000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DeallocFromLong_Ssize_t$BoolCompareObject_Rich
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4107546884-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF7A3B3A613,?,?,00000000,00007FF7A3B3A8AE,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3B41F
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B3A613,?,?,00000000,00007FF7A3B3A8AE,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3B43E
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B3A613,?,?,00000000,00007FF7A3B3A8AE,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3B466
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B3A613,?,?,00000000,00007FF7A3B3A8AE,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3B477
                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7A3B3A613,?,?,00000000,00007FF7A3B3A8AE,?,?,?,?,?,00007FF7A3B3A83A), ref: 00007FF7A3B3B488
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237222809.00007FF8B7820000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237289405.00007FF8B7835000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237332601.00007FF8B783B000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2237368731.00007FF8B783F000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b7820000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Dealloc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3617616757-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: verbose
                                                                                                                                                                                                          • API String ID: 3215553584-579935070
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                          • API String ID: 2395640692-1018135373
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                          • API String ID: 3896166516-3733052814
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                          • API String ID: 3544855599-2084237596
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(00000000,?,00007FF7A3B2352C,?,00000000,00007FF7A3B23F23), ref: 00007FF7A3B27F22
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateDirectory
                                                                                                                                                                                                          • String ID: %.*s$%s%c$\
                                                                                                                                                                                                          • API String ID: 4241100979-1685191245
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                          • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                          • API String ID: 2030045667-255084403
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pushR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                          • API String ID: 1176158178-349359282
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2237255441.00007FF8B7821000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B7820000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DeallocErr_String
                                                                                                                                                                                                          • String ID: 'ArchaicUpperLowerPlugin' object attribute '_last_alpha_seen' cannot be deleted$str or None
                                                                                                                                                                                                          • API String ID: 1259552197-1607602726
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_numL_sk_valueR_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 2441919041-1080266419
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: X_copy_exX_new
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$l
                                                                                                                                                                                                          • API String ID: 1626106133-3956761411
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2718003287-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A3B3CFBB), ref: 00007FF7A3B3D0EC
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A3B3CFBB), ref: 00007FF7A3B3D177
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 953036326-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                          • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                          • API String ID: 1114863663-87138338
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4170891091-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2780335769-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OPENSSL_sk_dup.LIBCRYPTO-1_1(00000000,00007FF8B6190B9A), ref: 00007FF8B61915E9
                                                                                                                                                                                                          • OPENSSL_sk_free.LIBCRYPTO-1_1(00000000,00007FF8B6190B9A), ref: 00007FF8B6191604
                                                                                                                                                                                                          • OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1(00000000,00007FF8B6190B9A), ref: 00007FF8B6191616
                                                                                                                                                                                                          • OPENSSL_sk_sort.LIBCRYPTO-1_1(00000000,00007FF8B6190B9A), ref: 00007FF8B619161E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: L_sk_dupL_sk_freeL_sk_set_cmp_funcL_sk_sort
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1312970346-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                                          • API String ID: 1286766494-1684325040
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_ctrlmemcpy
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                          • API String ID: 2266715306-3140652063
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A3B390B6
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9CE
                                                                                                                                                                                                            • Part of subcall function 00007FF7A3B3A9B8: GetLastError.KERNEL32(?,?,?,00007FF7A3B42D92,?,?,?,00007FF7A3B42DCF,?,?,00000000,00007FF7A3B43295,?,?,?,00007FF7A3B431C7), ref: 00007FF7A3B3A9D8
                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7A3B2CC15), ref: 00007FF7A3B390D4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\builded.exe
                                                                                                                                                                                                          • API String ID: 3580290477-3059520164
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                                                                          • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                          • Instruction ID: a800494ad174def5a51bd4159de8a0fe1e05862edc97d9ae002e485caf732ca1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D741D432B19A9181EBA0EF65E4443B9A761FB88784F814131EE8D97BA8EF3DD401C750
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
• Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                          • API String ID: 1767461275-2723262194
                                                                                                                                                                                                          • Opcode ID: 2d0c198d04c162e8d379b8396a8e76b04b6fe425097c24de9c8a53ead9ebc494
                                                                                                                                                                                                          • Instruction ID: dea2bfc1d835a3942b9a777e0976a0de458544cf163d380c2d0ad7ced299056c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d0c198d04c162e8d379b8396a8e76b04b6fe425097c24de9c8a53ead9ebc494
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15318D71708B8286EB64CF0AD8102A9A668FB88BC9F544075DF9D87B95DF3DEA01D700
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
• Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Time$System$File
                                                                                                                                                                                                          • String ID: gfff
                                                                                                                                                                                                          • API String ID: 2838179519-1553575800
                                                                                                                                                                                                          • Opcode ID: 12c171fb7924123b845f0450224228a85476b6b386dcff7bd870e799389df5a1
                                                                                                                                                                                                          • Instruction ID: 43c236b69d51385490c3375a2cc935b5514b3a6589c6f07b5f1fc2c74aac0a38
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 12c171fb7924123b845f0450224228a85476b6b386dcff7bd870e799389df5a1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 042182B2A0868786EB548F2DE5503797BE1EB88BD8F448075EB4DC7755DE3CD6418700
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
• Associated: 00000002.00000002.2232873287.00007FF7A3B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2232966529.00007FF7A3B4B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233015483.00007FF7A3B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233015483.00007FF7A3B61000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2233092944.00007FF7A3B64000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                                          • Opcode ID: 779a21297323b81187f7e0c7d27b40be9ec8fbab2d126766b2de98969da868de
                                                                                                                                                                                                          • Instruction ID: a2f69d312bd63d49a7180fa1d1f7cfe748b2af91fc9b9e43f3015c3d6386025d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 779a21297323b81187f7e0c7d27b40be9ec8fbab2d126766b2de98969da868de
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C21F722A0969182FBA4AF15D04426DB3B3FB84B84FD64036D6CD63EA4DF7ED944C760
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
• Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: D_bytes_time64
                                                                                                                                                                                                          • String ID: DOWNGRD
                                                                                                                                                                                                          • API String ID: 3543108242-2922851170
                                                                                                                                                                                                          • Opcode ID: 12e017e5c1d57c15a0fa21407ca3c5bc420114fa899af10fbec8bb9e133dde29
                                                                                                                                                                                                          • Instruction ID: 6dfefa608415dca7686d751da009a6c49209eabfe3ae7556af0312da37b90df3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 12e017e5c1d57c15a0fa21407ca3c5bc420114fa899af10fbec8bb9e133dde29
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D21A522F2868297E79C872DA56107D63A1EB943C0F544079EB1F87786DE28E8A5C700
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
• Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                          • API String ID: 0-348624464
                                                                                                                                                                                                          • Opcode ID: feb43a3405793f7ca82caf4e42325958333485d8d80e463f293775f007369bbd
                                                                                                                                                                                                          • Instruction ID: 90bd471e9bd190bdcdd5f8de6d9b86028e2f0c4350f9668b52e7bd34f20487c7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: feb43a3405793f7ca82caf4e42325958333485d8d80e463f293775f007369bbd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A021F532B0824286E760DB59E4547BC3B94FB89394F948071EB4CCB792CE7DE585CB04
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
• Associated: 00000002.00000002.2236911736.00007FF8B6170000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2236943283.00007FF8B61E3000.00000020.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237039813.00007FF8B61E5000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237083589.00007FF8B6208000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B620D000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B6213000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2237116189.00007FF8B621A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_errormemcpy
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                          • String ID: ..\s\ssl\d1_msg.c
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DigestO_writeUpdate
                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_errorY_free
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2232907044.00007FF7A3B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A3B20000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7a3b20000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                          • String ID: no such name
                                                                                                                                                                                                          • API String ID: 3678473424-4211486178
                                                                                                                                                                                                          • Opcode ID: 7a6655aafa68cf14d7b49650addb67a30f8bbda1d9d2751e0c3041d150185062
                                                                                                                                                                                                          • Instruction ID: af1898ba6fd71788a85ea68475b9de26aaef37e63321aba0d7decc188d3e16ba
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a6655aafa68cf14d7b49650addb67a30f8bbda1d9d2751e0c3041d150185062
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56016D31A1BA42A1FB609B61E8103B523A0FF98FC9F404039DE4E46251DFACE8058728
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                          • String ID: )
                                                                                                                                                                                                          • API String ID: 3946675294-2427484129
                                                                                                                                                                                                          • Opcode ID: 1eb223866b316573cd142b8d4a18707288d03e927f3d6e88cab935a0b9264f15
                                                                                                                                                                                                          • Instruction ID: a96088e3384e8f04129e6a099070516cbf6223e060b8866c8e269687d049f6af
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1eb223866b316573cd142b8d4a18707288d03e927f3d6e88cab935a0b9264f15
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FF06262B0868186EB51DF1DE0443BD23A1EB86BD8F5841B4CB5D0B786DE7DD4868700
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                          • String ID: &
                                                                                                                                                                                                          • API String ID: 3946675294-1010288
                                                                                                                                                                                                          • Opcode ID: bce02d8370a62550a3fd7c5583aeeedfee2178cd3a4eb7ae605b0b13832dd0b6
                                                                                                                                                                                                          • Instruction ID: 9e437dfc9076e241f850117961a385ad08a4d6241ca79a0d37045811f3d53cf3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bce02d8370a62550a3fd7c5583aeeedfee2178cd3a4eb7ae605b0b13832dd0b6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CDF09662B0864185EB50DF2DE0843BD23A0EB86BD8F5C41B4CB0D0B786CE7DD4868700
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2236943283.00007FF8B6171000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B6170000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8b6170000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: R_put_errormemcpy
                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                          • API String ID: 1385177007-1080266419
                                                                                                                                                                                                          • Opcode ID: 303f916de64884449533dbb62141de63a43bbc37be1bae7fd60e0ed3c3be0864
                                                                                                                                                                                                          • Instruction ID: 73b450d3f99a6ec43bbf67bd6adcb65ef4cfe4fe5341ed33f0400246c38b5871
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 303f916de64884449533dbb62141de63a43bbc37be1bae7fd60e0ed3c3be0864
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6E06561F1405A86E770AB6894067E927A0EB40380F900170E70D46691DE6E6657CB00
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _PyObject_GC_New.PYTHON310(?,?,00000000,00007FF8A84F2563), ref: 00007FF8A84F2656
                                                                                                                                                                                                          • PyObject_GC_Track.PYTHON310(?,?,00000000,00007FF8A84F2563), ref: 00007FF8A84F2688
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000002.00000002.2233214674.00007FF8A84F1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8A84F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a84f0000_builded.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Object_$Track
                                                                                                                                                                                                          • String ID: 3.2.0
                                                                                                                                                                                                          • API String ID: 16854473-1786766648
                                                                                                                                                                                                          • Opcode ID: 69c2b4e3579cbbdfeaa96c61cbd88fc537ba55c567b2cadc9d0896fd70d47e88
                                                                                                                                                                                                          • Instruction ID: 53305d370049128a37fe2a3716b78b24f68a6fcd090eff193a22a258087c15ae
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69c2b4e3579cbbdfeaa96c61cbd88fc537ba55c567b2cadc9d0896fd70d47e88
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8E07575A0BB12A1FB158B61A84506432A4FF08F95F54013DCD9D02360EFBCE9A4C368